Stefano’s Stuffs

Fast ssh/sftp jail

In the last 48 hours I performed the installation of a large ftp/sftp/ssh server; everything works OK except that, for some obscure reason, I cannot deny a connected user access to the directory listing. I’ve tried PureFtpd, Vsftpd, Proftpd and all the instructions related to chrooting a user by adding commands in the various configuration files… Don’t know why, but it didn’t work!! It never happened before… So I thought about another solution and… Voilà, ultrafast Ubuntu server with Proftpd and the hi-power of scponly:

1 – Install an Ubuntu server (preferably 8.04 or 8.10, so that the ssh server can be installed right away during the first process)

2 – Create a user during installation and leave all other settings at their defaults

3 – Give your server a static IP (sometimes ifconfig sucks; just in case, install webmin and change the network settings from it using your browser) and do a sudo apt-get update

4 – Let’s do sudo apt-get install scponly

5 – Immediately reconfigure the software for the chroot version with sudo dpkg-reconfigure -plow scponly and answer “YES” to the menu

6 – Go to /usr/share/doc/scponly/setup_chroot and sudo gunzip the .gz file inside the directory

7 – Do sudo chmod +x setup_chroot.sh and launch it with sudo ./setup_chroot.sh

8 – Follow the instructions and add a totally new user (choosing the home and the incoming directory, the only one where the user can write!)

9 – Do sudo apt-get install proftpd and configure it by editing /etc/proftpd/proftpd.conf (google for the configuration, but it’s sufficient to edit the name of the server, uncomment “DefaultRoot” and a few others), then restart it with sudo /etc/init.d/proftpd restart

10 – Log in with an sftp client like Filezilla to the hostname on port 22 with the username and password of the scponly user. Voilà, you see a few directories, you cannot go anywhere and the only interesting thing is to up/download to the incoming dir ;-)
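To confirm that steps 4 to 8 really produced the jail described in step 10, the following added script (not part of the original post) audits a passwd-format file and the jail directory. It assumes the chrooted scponly shell binary is named scponlyc and that the writable directory is called incoming; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: audit an scponly chroot account created by setup_chroot.sh.
# Assumptions: the jailed login shell ends in "scponlyc"; JAIL is the home
# directory chosen in step 8; "incoming" is its only writable subdirectory;
# paths inside the jail contain no spaces.

# Print the login shell (7th passwd field) of USER from PASSWD_FILE.
shell_of() {
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# loose_dirs JAIL USER: print directories outside incoming that USER could
# write to, i.e. owned by USER or writable by group or other.
loose_dirs() {
    find "$1" -type d ! -path "$1/incoming" ! -path "$1/incoming/*" \
        -exec ls -ld {} + |
        awk -v u="$2" '$3 == u || $1 ~ /^d....w|^d.......w/ { print $NF }'
}

# audit_jail PASSWD_FILE USER JAIL: return 0 only if the account looks jailed.
audit_jail() {
    rc=0
    shell=$(shell_of "$1" "$2")
    case "$shell" in
        */scponlyc) ;;   # chrooted scponly shell, as set up in steps 5-8
        '') echo "FAIL: user $2 not found in $1"; return 2 ;;
        *)  echo "FAIL: $2 has shell $shell, not scponlyc"; rc=1 ;;
    esac
    # A writable jail root or system directory lets the user alter the jail.
    loose=$(loose_dirs "$3" "$2")
    if [ -n "$loose" ]; then
        echo "FAIL: writable outside incoming: $loose"; rc=1
    fi
    if [ ! -d "$3/incoming" ]; then
        echo "FAIL: $3/incoming is missing"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $2 is confined to $3"; fi
    return "$rc"
}

# Usage: sh audit_jail.sh /etc/passwd USER /home/USER
if [ "$#" -eq 3 ]; then audit_jail "$@"; fi
```

The script only inspects the passwd entry and directory permissions; the login test in step 10 is still the final check that the jail behaves as intended.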

October 15, 2008 | computer | 4 Comments