chroot openssh

[patetobg]

10x :)
i would like to hear from you :)
because everywhere i ask this question people say :"try this,and this ..."
and when DO try it and it does not work ....... "i don't know" is the answer :)
the reason i want to do this is mostly to chroot sftp .... ( there is info on that too, it sucks :)

so , please , tell me what happened :)

i heard about chrooting proftp , but also read somewhere that ftp is not so secure .... so tell me your ideas on this :
chrooted proftp vs. chrooted sftp
:)

[jasonlambert]

Normal FTP is in clear text (not encrypted), so anyone with a packet sniffer on the network between the server and client could potentially see any password's and files transmitted.

Sftp (Secure file transfer protocol) is encrypted.

With both Sftp and Proftpd you still need to keep the daemons (sshd and proftpd respectivly) upto date.

The other big difference being that SFTP transfer's via port 22, whereas proftpd is standard ftp, hence port's 21(command) and 20(data) will be used.

Last but not least, normal FTP is accessable to most people (most people, even windows users) have some sort of FTP client on their machines, whereas SFTP require's a different FTP client, one capable of handling the encrypted session. These are available for download, but you need to look at the skill's of the people who you intend to use this server.

Jason

[patetobg]

so sftp is better ?
(one port , less firewall rules ?)
chrooted sftp - much better?
if yes , how do i do that?
i tried chrooting ssh and sftp but it's not working...
so i'll wait to see if sarumont will do it ...... just hope he will :)

[sarumont]

Well, sftp runs from the same daemon as ssh, so once ssh is running chrooted, then sftp will run the same way. As far as sftping from windows, all you have to do is download PSFTP. This page also has a windows ssh client (PuTTY).

And I'll let you know when I get a chance (sometime this week) to attempt to setup chrooted ftp.