Firewall Wizards mailing list archives
Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U)
From: Ng Pheng Siong <ngps () netmemetic com>
Date: Thu, 4 Apr 2002 23:16:35 +0800
On Thu, Apr 04, 2002 at 09:57:21AM +0200, Patrick M. Hausen wrote:
The downside: at the moment I haven't found a way to use it as an actual replacement for FTP on our webserver. Customers updating their virtual servers' htdocs directory are chrooted inside their part of the filessystem tree. I haven't found a way to achieve this with sftp: simple chroot and _no_ shell access.
Write your own shell. If you have access to the commercial ssh2, see the manpage/source for ssh-dummy-shell. IIRC, in essence, the ssh protocol says that user commands are executed using the user's shell. You can install your own shell that invokes the sftp subsystem only. A programmer at a client's got a working shell for this, written in Perl, in a morning. (I haven't been tracking - perhaps by now OpenSSH has a ssh-dummy-shell implementation, too.) -- Ng Pheng Siong <ngps () netmemetic com> * http://www.netmemetic.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U), (continued)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Marcus J. Ranum (Apr 03)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Matt Curtin (Apr 03)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Marcus J. Ranum (Apr 05)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Joseph S D Yao (Apr 06)
- Re: Strength in diversity: was - The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Marcus J. Ranum (Apr 06)
- Re: Strength in diversity: was - The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Joseph S D Yao (Apr 06)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Matt Curtin (Apr 03)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Ng Pheng Siong (Apr 06)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Marcus J. Ranum (Apr 03)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Ng Pheng Siong (Apr 05)
- RE: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Benjamin P. Grubin (Apr 06)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Mikael Olsson (Apr 06)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Fritz Ames (Apr 06)
- RE: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Benjamin P. Grubin (Apr 06)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Mikael Olsson (Apr 06)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Mikael Olsson (Apr 06)
- Re: The yearly FTP rant (Was: Re: Passive FTP and NAT/PAT with PIX and Serv-U) Mikael Olsson (Apr 06)