SFTP Administration?

Janina Sajka janina at afb.net
Mon Apr 1 14:41:39 EST 2002


Yes, it is primitive, but I don't know of much better that enforces a 
secure connection other than scp -- which isn't an ftp client at all. My 
research for ACB is attached, but the main thing you'll get from it, I 
think, is the recommendations on Windows clients.

What you want seems to be what the wu-ftpd folks call guest ftp. Under 
guest ftp, real users log in with their real usernames and passwords, but 
are chroot'ed to their /home/ user directory trees. Their HOWTO is at:

http://www.wu-ftpd.org/HOWTO/guest.HOWTO


On Mon, 1 Apr 2002, Steve Holmes wrote:

> That's right, we intend this to be a private FTP site with private users.
> We just don't want them to be able to peek into other directories in which
> they don't belong.  If a different solution is more appropriate, I'm all
> ears.  I recall you did some research a while back for ACB and secured
> FTP? Maybe we're barking up the wrong tree to secure the FTP sessions.  If
> SFTP is indeed the way to go, then I'm curious to know of good compatible
> sftp clients for both Linux and Windows.  The only thing I've used so far
> was sftp which doesn't provide any progress status and is rather primitive
> to me.  That's basically it.
> 
> On Mon, 1 Apr 2002, Janina Sajka wrote:
> 
> > Hmmm, you're right. An sftp client request opens over ssh and launches
> > sftp-server.
> >
> > So, now I've forgotten your earlier question. You wouldn't use this for
> > anonymous logins, right? So, why restrict bona fide users on your system to
> > uploads in certain directories?
> > On Mon, 1 Apr 2002, Steve Holmes wrote:
> >
> > > I realize that, but when one uses SFTP for secured FTP sessions, they come
> > > into ssh and as far as I can tell, no ftp servers are involved.  Is this
> > > the correct observation? If so, then my questions from my previous
> > > questions still apply.  I'm still wondering which Windows ftp clients work
> > > with sftp.  FTP Voyager seems to support SSL encrypted ftp but seemingly
> > > only with Serv-U server.  I see no mention of sftp (part of ssh) for this
> > > client.  I also would like to see progress messages when I do sftp like
> > > you get with ncftp but the standard sftp client doesn't seem to offer
> > > this.  I haven't had a chance to look at lftp to see if it is any better.
> > >
> > > I hope this is clearer now:).
> > >
> > > On Mon, 1 Apr 2002, Janina Sajka wrote:
> > >
> > > > Steve:
> > > >
> > > > sftp is a client, not a server. If you want to tighten ftp against known
> > > > security issues, read the documentation provided with the ftp servers.
> > > > There's no need to reinvent the wheel.
> > > > > On Sun, 31 Mar 2002, Steve Holmes wrote:
> > > >
> > > > > I know, this doesn't have to do with speakup but I have a question for
> > > > > anyone who might have had some experience with Secured FTP (SFTP).  So
> > > > > far, I realize that SFTP is a subset of ssh so I don't think any of
> > > > > the conventional FTP servers like proftp have any chips in the deal.
> > > > > I'm setting such a thing up on a private machine for my friend and
> > > > > > haven't been able to find much on controlling access and rights.  What
> > > > > I've done so far is to add users on this machine like any other shell
> > > > > accounts but force their default directory to be /home/ftp instead of
> > > > > /home/user-id.  I then put some symbolic links in this ftp directory
> > > > > to point to the various download areas.  So far, the permissions look
> > > > > good but I'd like to tighten things up a bit; I would like to "lock"
> > > > > > the users into the /home/ftp directory and subdirs.  Another wrinkle
> > > > > here is the sym links.  Once you cd to a symlinked directory, doing a
> > > > > cd .. takes up from that point, and not back to where you were
> > > > > before.  One big disadvantage to symbolic links, I guess.
> > > > >
> > > > > > Another question, are there any sftp clients out there for Linux that
> > > > > > might be a bit better than the straight sftp command? I wish ncftp could
> > > > > do it, but it doesn't look like it can.  Also many of the future users
> > > > > of this machine are from winblows; what are some good sftp clients for
> > > > > winblows?  Personally, I like FTP Voyager but 9.0 has SSL support but
> > > > > does not appear to do sftp specifically.  I think it may be locked
> > > > > > into connectivity with their own server, Serv-U.
> > > > >
> > > > > Any ideas on this stuff?
> > > > >
> > > > > _______________________________________________
> > > > > Speakup mailing list
> > > > > Speakup at braille.uwo.ca
> > > > > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> > > > >
> > > >
> > > >
> > >
> > >
> > > _______________________________________________
> > > Speakup mailing list
> > > Speakup at braille.uwo.ca
> > > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> > >
> >
> >
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

-- 
	
				Janina Sajka, Director
				Technology Research and Development
				Governmental Relations Group
				American Foundation for the Blind (AFB)

Email: janina at afb.net		Phone: (202) 408-8175

Chair, Accessibility SIG
Open Electronic Book Forum (OEBF)
http://www.openebook.org
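
The symlink arrangement described in the original question interacts badly with chroot'ing users to /home/ftp, whether through guest ftp or any other jail. The following is an added example, not part of the thread or of any project mentioned in it: a small audit that lists symlinks under a jail root which either use an absolute target or resolve outside the tree. The directory names in `demo()` are constructed for illustration.

```python
import os
import tempfile


def audit_jail_symlinks(jail_root):
    """List symlinks under jail_root that stop working, or point out of
    the tree, once users are chroot'ed to jail_root."""
    root = os.path.realpath(jail_root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.readlink(path)
            rel = os.path.relpath(path, root)
            if os.path.isabs(target):
                # Inside the chroot "/" is the jail root, so an absolute
                # target is looked up under the jail, not the real "/".
                findings.append((rel, "absolute"))
            elif os.path.commonpath([root, os.path.realpath(path)]) != root:
                # Relative target that climbs above the jail root.
                findings.append((rel, "escapes"))
    return sorted(findings)


def demo():
    """Build a constructed tree shaped like the /home/ftp layout in the
    thread and audit it. All names here are made up for the example."""
    with tempfile.TemporaryDirectory() as tmp:
        jail = os.path.join(tmp, "ftp")
        outside = os.path.join(tmp, "downloads")
        os.makedirs(os.path.join(jail, "pub"))
        os.makedirs(outside)
        os.symlink(outside, os.path.join(jail, "downloads"))
        os.symlink("../../downloads", os.path.join(jail, "pub", "up"))
        os.symlink("../pub", os.path.join(jail, "pub", "self"))
        return audit_jail_symlinks(jail)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:9} {rel}")
```

Every link the audit reports has to be replaced before the jail is enabled; a bind mount of the download area inside the jail root is one way to do that without symlinks.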




