The difference here though, is that sftp relies on ssh. You would need ssh to be able to read a chrootuser config file or a magic token in the home dir shell entry( /./ ).
I have seen a patch like this (unsupported by OpenSSH team)
why?
for the portable versions, and thought about porting it over to the OpenBSD code, but it's been bumped down on the priority list lately. When I played with it before (OpenBSD 3.0 / OpenSSH 3.4)> not _currently_officially_ supported for good reason.
I was able to get ssh to stick in the chroot I set with the token,
but sftp would aways break out. Playing more, I could get out of ssh chroot home.
Basically the moral is: If you don't have a proper chroot environment, with or without the *magic cookie*, ... You're screwed. It is
Chris.
I believe, ftp with ssl is the better solution. and easier...
Could you press "ENTER" after circa 70 characters when you writing e-mails? It looks very terrible...
thanks
David Maez wrote: > This has been covered before. > > Search the archives, but I believe the short answer is to > set the users' shells to /<path>/sftp-server > > They can now sftp, but they can't ssh in. >
yeah, very good! they change now their directory to other home directories and download their web-files with users and passwords data...
Isn't there a config-file like ftpchroot for sftp?