Firewall Wizards mailing list archives

Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U)


From: Ng Pheng Siong <ngps () netmemetic com>
Date: Thu, 4 Apr 2002 23:16:35 +0800

On Thu, Apr 04, 2002 at 09:57:21AM +0200, Patrick M. Hausen wrote:
> The downside: at the moment I haven't found a way to use it as an
> actual replacement for FTP on our webserver. Customers updating their
> virtual servers' htdocs directory are chrooted inside their part
> of the filesystem tree. I haven't found a way to achieve this
> with sftp: simple chroot and _no_ shell access.

Write your own shell. If you have access to the commercial ssh2, see
the manpage/source for ssh-dummy-shell.

IIRC, in essence, the ssh protocol says that user commands are executed
using the user's shell. You can install your own shell that invokes the
sftp subsystem only. 

A programmer at a client's got a working shell for this, written in Perl,
in a morning. 

(I haven't been tracking - perhaps by now OpenSSH has a ssh-dummy-shell
implementation, too.)

-- 
Ng Pheng Siong <ngps () netmemetic com> * http://www.netmemetic.com
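
A sketch of the "shell that invokes the sftp subsystem only" idea from the message above, added here as an example; it is not the Perl shell mentioned in the post and not ssh-dummy-shell. It assumes sshd starts a subsystem as `<shell> -c <command>` (as OpenSSH does), that the script is installed under the hypothetical name `sftp-only-shell`, and that the sftp-server path below matches the server's configuration. It gives the "no shell access" half only; it does not chroot.

```shell
#!/bin/sh
# sftp-only login shell (added example; the name "sftp-only-shell" is hypothetical).
# Set it as the account's login shell so sshd hands it every request.

# ASSUMPTION: must be the exact command string on the "Subsystem sftp" line
# of the sshd configuration. Hard-coded so the client cannot influence it.
SFTP_SERVER=/usr/libexec/sftp-server

# Print "allow" only for the exact invocation  <shell> -c <SFTP_SERVER>.
# Exact string equality matters: a prefix or pattern match would also accept
# "<SFTP_SERVER>; /bin/sh" and hand the user a shell again.
sftp_only_decide() {
    if [ "$#" -eq 2 ] && [ "$1" = "-c" ] && [ "$2" = "$SFTP_SERVER" ]; then
        echo allow
    else
        echo deny
    fi
}

sftp_only_main() {
    if [ "$(sftp_only_decide "$@")" = allow ]; then
        # exec the binary directly; the client's string is never evaluated.
        exec "$SFTP_SERVER"
    fi
    # Interactive logins (no arguments) and remote commands both end up here.
    echo "This account is restricted to sftp." >&2
    exit 1
}

# Dispatch only when running under the installed name, so the functions
# above can be sourced and exercised without triggering the exit path.
case "${0##*/}" in
    sftp-only-shell) sftp_only_main "$@" ;;
esac
```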

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

