You will need to have the Developer Tools (nee XCode) installed on your system for this to work.
Goodye, insecure old FTP. Hellooooo, security! Pass it on!
[robg adds: I haven't tested this one...]
|
|
|
By following these directions -- with the BIGGEST kudos to Masaki Ogawa, who is a credit to the Mac community -- you can use ssh and secure FTP (sftp) with chroot to enable truly secure file transfer. Both encrypt the session, and have it set so that sftp users won't have free run of the whole file system. I've tested this on OS X Server 10.3.5, and it worked like a charm, and without breaking anything.
You will need to have the Developer Tools (nee XCode) installed on your system for this to work. Goodye, insecure old FTP. Hellooooo, security! Pass it on! [robg adds: I haven't tested this one...]
•
[42,450 views]
Hint Options
Create a chrooted SSH/SFTP server on OS X
Hi, this is James, author of chrootssh. I use mac's for a lot of my work so I am thrilled to see some of my work listed here. Thanks!
My bad!
James...you're so right. I'm sorry I forgot to mention you and your help in the hint! You and Masaki-san helped this poor rookie sysadmin do something she didn't even know was possible more than a week ago—banish thath pesky FTP. Thanks for the great work!
Create a chrooted SSH/SFTP server on OS X
SonyaLynn,
Create a chrooted SSH/SFTP server on OS X
I tried this patch for OSSH-3.6.1 and it works beautifully: chrooted SSH, SCP, and SFTP. Very, very nice. There were two things that I discovered along the way (I'm a Linux neophyte, so bear with me): 1) At least under OS 10.3(.7), you'll need to copy your new sshd into /usr/sbin/sshd-chroot (rather than the stated /usr/local/sbin/sshd-chroot, which doesn't exist). 2) The patched OpenSSH-3.6.1 would NOT compile using the gcc provided with XCode 1.0 and/or 1.1. After grabbing XCode 1.5 from Apple, everything was smooth. Beyond that, it's worth noting that the mailing list discussions at http://chrootssh.sourceforge.net/ offer a wealth of information about configuring/tuning the resultant chrooted environment. Very helpful. --MW
Create a chrooted SSH/SFTP server on OS X
Thanks to SonyaLynn and mwnovak! I finally got this going on my machine... More advice...
Create a chrooted SSH/SFTP server on OS X
Schwie,
Create a chrooted SSH/SFTP server on OS X
Jay,
No, I never had to move any passwd files from what I remember. If you want a revised list of instructions in better english, I re-wrote the instructions, and these should work for you. http://www.schwie.com/brad/macosxsftpchroot Let me know if you hit anymore stumbling blocks. I'll add any recommendations you come up with. When it works, its really slick! Best of luck to you. Brad
Create a chrooted SSH/SFTP server on OS X
Do I use the latest version of the OpenSSH or use the 3.6.1, i try a few time and still get the connection refused when i do the testing
Create a chrooted SSH/SFTP server on OS X
I recently got this to work on OS 10.3.9 after a few hiccups along the way. I posted my experience here (Mac OS X Server 10.3.9 and the Chroots of My Labor) if interested.
---
Create a chrooted SSH/SFTP server on OS X
We can't seem to download the sourcecode from OpenDarwin:
Perhaps there's a typo error here, but I can't find it. Anyone else seeing this problem?
Server Elves
So I managed to get this working, but to be perfectly honest, I'm not 100% sure how! (I should note that my friend hypothesizes server elves are the real reason, btw...) :-D
One last note on CVS
BTW, the CVS step in the original instructions isn't working anymore. Just go to http://chrootssh.sourceforge.net and manually download the latest version from there and apply the patch. |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.35 seconds |
|