Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   adding secure accounts for remote users? (http://www.linux-archive.org/debian-user/245622-adding-secure-accounts-remote-users.html)

Eric Gerlach 02-14-2009 09:18 PM

adding secure accounts for remote users?
 
On Sat, Feb 14, 2009 at 03:10:07PM -0500, Zach Uram wrote:
> I want to give some friends accounts on my server so that they can
>
> 1) ssh in to the sever
> 2) have web space on the apache2 webserver such as $HOME/public_html
> so they would be http://www.server.org/~user
>
> How exactly can I setup these 2 things?
>
> Also how can I restrict the users to *only* their $HOME directory so
> they cannot cd or ls any other directories or files on my filesystem?
>
> Running Debian lenny.

If all you're looking to do is give them the ability to SFTP, you can do the
following:

http://www.debian-administration.org/articles/590

However, if they need a shell prompt, that's a lot harder. You'll have to
create a chroot jail (and note that they aren't perfect). Google for "chroot
ssh" to get more information. Spend a *lot* of time reading up, because it's
not trivial. Also you'll have to put a copy of every command you want your
users to be able to run in the jail.

Overall, if you can convince your users to live with SFTP only, do that. It's
what we've done in one case, and nobody really cares most of the time.

Cheers,

--
Eric Gerlach, Network Administrator
Federation of Students
University of Waterloo
p: (519) 888-4567 x36329
e: egerlach@feds.uwaterloo.ca


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Zach Uram 02-14-2009 11:08 PM

adding secure accounts for remote users?
 
Shams and Eric,

Thanks for the replies, I decided to go with just SFTP for now. I
suppose they could also use SCP?

Regards,
Zach


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Eric Gerlach 02-15-2009 01:04 AM

adding secure accounts for remote users?
 
On Sat, Feb 14, 2009 at 07:08:05PM -0500, Zach Uram wrote:
> Shams and Eric,
>
> Thanks for the replies, I decided to go with just SFTP for now. I
> suppose they could also use SCP?

Technically, no, they're different protocols. I'm not sure if newer versions
of scp will try sftp first, but there is a separate sftp program. Windows
users can use FileZilla, OSX users can use Fugu (IIRC).

Cheers,

--
Eric Gerlach, Network Administrator
Federation of Students
University of Waterloo
p: (519) 888-4567 x36329
e: egerlach@feds.uwaterloo.ca


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

L Glidewell 02-15-2009 01:38 AM

adding secure accounts for remote users?
 
On Saturday 14 February 2009 16:08:05 Zach Uram wrote:
> Shams and Eric,
>
> Thanks for the replies, I decided to go with just SFTP for now. I
> suppose they could also use SCP?
>
> Regards,
> Zach

Configure the users with the scponly shell and they will be able to use either
scp or sftp as needed.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

"Andrew McGlashan" 02-19-2009 12:16 PM

adding secure accounts for remote users?
 
Hi,

L Glidewell wrote:

On Saturday 14 February 2009 16:08:05 Zach Uram wrote:

Thanks for the replies, I decided to go with just SFTP for now. I
suppose they could also use SCP?


Configure the users with the scponly shell and they will be able to
use either scp or sftp as needed.


I would use scponlyc -- the chroot version, that allows winscp.

Cheers
AndrewM

Andrew McGlashan
Broadband Solutions now including VoIP


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


All times are GMT. The time now is 07:54 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.