Hello! On Thu, Aug 01, 2002 at 02:32:01PM +0200, Jones Down wrote: ... > My alternative is to use ssh, there is a really beatiful win-prog to > use scp, looks like mc, can be found here: > > http://winscp.vse.cz/eng/ > > but then again you should setup a chroot environment, because it�s > still not possible to restrict access to a directory with ssh as > tight as with some ftp-servers, because ssh needs some libraries and > stuff, so there will be always more then just one upload-dir to see > for the users. Also don�t forget, that with ssh you users have a full > shell account, so building that jail should be done with real care. In > most cases it�s more than you want to give them - what again makes me > cry about missing ssl in proftpd :( ...
Ssh version 2 allows you to restrict access to an account, to only use on specific command, via the private/public key. There is on example I know of: "anonymous access to CVS via ssh", which could be used as a reference, search for it at the CVS sites. This enforces you to use public/private keys, which is good practice anyway. You can issue/setup personal keys for individual users, and you can generate a key for "anonymous" access, which is a small file (the key) which you put publicly on a web page and anyone who wants to access your repository downloads the file and tells it's secure-shell client to use it as ID when to connect to the server. I have read once, that the ftp-subsystem of SSH (sftp) opens security wholes, but do not know why, I leave it disabled in my setups. On the other hand, there is stunnel, which allows you to create an ssl tunnel for any server/client pair. If this is not possible for proftpd for any tecnical reason don't tell me, I don't install ftp servers. Best Regards, Jorge-Le�n