On Fri, Mar 14, 2008 at 11:24:59AM -0400, John Stoffel wrote:
"Brian" == Brian J Conway <bconway@alum.wpi.edu> writes:
Now maybe I'm a little out of date, I'd love to know that more recent versions of OpenSSH support chroot'd sftp jails.
Brian> Actually, there is recent development on that front:
Brian> http://undeadly.org/cgi?action=article&sid=20080220110039
Brian> I don't believe it's part of any release of OpenSSH yet, but Brian> presumably soon.
Interesting. I'm still interested in the scp option though, since that's just as easy for user to use, and just as secure as sftp from what I see. I'd figure if you just did a static linking, you'd be all set.
The key, to me, is to automate the setup of the jails and then you're done. Don't make it a manual process at all.
Check this thread for a sftp-only chroot solution: http://www.mail-archive.com/misc@openbsd.org/msg29106.html