HPE Community
Operating System - HP-UX
1753819 Members
8040 Online
108805 Solutions
New Discussion юеВ

Re: sftp chroot help...

 
MikeL_4
Super Advisor

тАО10-01-2009 09:27 AM

тАО10-01-2009 09:27 AM

sftp chroot help...

I have sftponly setup on a server and not having any issue with it, as the id being used can only use sftp...

I do need to lock the id into there home directory, right now they can move around where ever they want to..

Can you assist with this setup...

user id for sftp only account:
mpxsftp:x:113:116:chrooted user:/home/centftp/prod/00036_mpx/incoming:/bin/sftponly

I am running HP-UX 11.11 and following Secure Shell Version:
T1471AA A.05.10.006 HP-UX Secure Shell

Thanks
0 Kudos
Reply
4 REPLIES 4
TTr
Honored Contributor

тАО10-01-2009 10:43 AM

тАО10-01-2009 10:43 AM

Re: sftp chroot help...

http://docs.hp.com/en/5900-0430/5900-0430.pdf
It briefly mentions the ssh and chroot environments and prompts you to read the README.hp file under /opt/ssh. There is also a script to make the conversion of a regular account to a chrooted account, /opt/ssh/utils/ssh_chroot_setup.sh

Have you looked at these?
0 Kudos
Reply
MikeL_4
Super Advisor

тАО10-01-2009 11:00 AM

тАО10-01-2009 11:00 AM

Re: sftp chroot help...

I tried the script, and it made no difference...

Only thing I can see that it did was take away the sftponly and changed it to /bin/sh

I could still move around to other file systems.
0 Kudos
Reply
Ivan_86
Frequent Advisor

тАО10-01-2009 02:13 PM

тАО10-01-2009 02:13 PM

Re: sftp chroot help...

Please check the document page 47


Regards
0 Kudos
Reply
MikeL_4
Super Advisor

тАО10-02-2009 04:22 AM

тАО10-02-2009 04:22 AM

Re: sftp chroot help...

Followed instruction as indicated, and it all works fine, except that I can still do a cd /, and when I do I am in / and not this users home directory....

mpxsftp:x:113:116:chrooted user:/home/centftp/prod/00036_mpx/incoming/./home/mpxsftp:/bin/sftponly

=>sftp mpxsftp@tstsrvr
Connecting to tstsrvr...
Password:
sftp> pwd
Remote working directory: /aftp/reformaster/home/centftp/prod/00036_mpx/incoming/home/mpxsftp
sftp> ls
bin opt usr
sftp> cd /
sftp> pwd
Remote working directory: /
sftp> ls
2 aftp apps auto
autoemh autoemh2 autoemh3 autoemh4
autoemh5 autoemh6 bin ca_lic
cnpuref1 cust dev emh
etc etrust export fonts.alias
fonts.dir ftp home home2
lib lost+found mnt monitor
net opt orderofscript.txt osg1
prod realtime root sbin
sources stand tmp tmp_mnt
umount_uref1vg01 uref1vg01.mapfile uref1vg01.outfile usr
var vgdisplay.uref1vg01
sftp> quit
=>
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.