On Sat, Jan 4, 2014 at 7:26 AM, Sven Hoexter <s...@timegate.de> wrote:
> I'm not sure how the OpenSSH implementation handles ACLs, maybe that's
> an option but I did not test it.

my first problem is successfully logging in with sftp-only and chroot'ing in place. AFAIK - ACL's would only come into play afterward.

> Then there is Proftpd which has a mod_sftp extension.
>
> And there are still the solutions which predate the chroot() and
> sftp-internal
> implementation possible with OpenSSH like
> - scponly
> - rssh
> - rush
>
> All of them have a somewhat mixed security record and have some cost in
> terms of chroot setup and maintaining them properly.
>

Sven,

TX much for your reply...

proftpd:
1) wheezy does not have an sftp module
2) proftpd appears to rely on openssh for sftp, so appears to add no value.
3) IF proftpd did provide working sftp - appears that it can not share port 22 w/ openssh (which i do still need for full-access users unrelated to SFTP).

scponly:
does not appear to be provided in wheezy !?!? can't find out why....

rssh/rush:
1) not sure what is: diff rssh rush (searches come up worthless to answer this)
2) i haven't used rssh in a very long time - i guess i have to dig into it again to see if it will allow chroot'ing with group "w" perms.
3) "mixed security record" is a big concern.