On Fri, Feb 03, 2006 at 11:50:49PM +0100, Wijnand Wiersma wrote:
> 2006/2/3, Joachim Schipper <[EMAIL PROTECTED]>:
> > On Fri, Feb 03, 2006 at 04:37:12PM -0500, Peter Fraser wrote:
> > > Since I believe that everyone agrees that ftp is
> > > horrible, particularly for firewalls. How come
> > > there is no equivalent to an anonymous sftp.
> >
> > Isn't there?
> >
> > Anonymous ftp is just username/password authentication using a
> > well-known username and any password. Publish the username and the
> > password somewhere, and you have anonymous sftp.
>
> And use scponly as login shell of course.
Either that, or use something that actually works. scponly has had more
than its share of leaks; there are some third-party chroot patches to
OpenSSH out there that I've never seen on Full-Disclosure, at least. Not
sure how much that is worth, though.
Given the choice, I'd use public-key authentication and put a chroot-ish
command in the command= field in authorized_keys. At least that's
supported.
Joachim
