LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-28-2006, 08:12 AM   #1
yogaboy
Member
 
Registered: Oct 2004
Location: Londinium
Distribution: CentOs 4, OSX Tiger
Posts: 93

Rep: Reputation: 15
sftp chrooted on samba - suggestions


Hi,

I've got a Samba server that my boss wants to access remotely. I've decided that sftp might be a good way to do this. I want to chroot sftp, I've got a HOWTO on that, but I'm wondering if chrooting will affect a user's ability to see shares, or if it's worth chrooting because they can see shares and so are outside of the chroot.


Sorry, I'm a relative noob to this -especially chroot - but I really want to try and make this as secure as possible. Any help is much appreciated.

Apologies if this should go in the networking forum.
 
Old 12-28-2006, 09:20 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981
if it's the case where you have no better method of controlling access, then certianly a chroot jail is handy, but it's worth detaching yourself from samba and shares here. ssh / sftp has nothing whatsoever to do with samba, so they won't see anything as "shares" at all... note that outside of a chroot jail, you can also restrict access to source address, if you boss is always coming form a known location, via tcpwrappers or us a preshared key to add extra layers of security to the connection.
 
Old 12-28-2006, 09:24 AM   #3
yogaboy
Member
 
Registered: Oct 2004
Location: Londinium
Distribution: CentOs 4, OSX Tiger
Posts: 93

Original Poster
Rep: Reputation: 15
excellent, thanks. I'm going to give them certificates to authenticate with, but they're generally on dynamic ip's, though I'm trying to convince them to go static so I can restrict access that way too.

Thanks for the insight, it's much appreciated.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
chrooted SFTP + FTP server TotalDefiance Linux - Server 4 12-08-2006 09:37 AM
Chrooted sftp - complete list of things to do? rose_bud4201 Linux - Networking 2 09-26-2006 07:30 PM
Problem with Scponly and chrooted SFTP kicko Mandriva 2 07-14-2006 02:10 PM
FC3 : Failing to configure a chrooted sftp gmuller Linux - Software 3 06-28-2005 02:39 AM
How do I use sftp to upload my web site? (no sftp tar command) johnMG Linux - Networking 6 06-21-2005 10:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration