Secure FTP Server in Chroot Jail Environment

Often SFTP is confused with FTPS. Well, they are different:

SFTP – Part of SSH server
FTPS – Secure implementation of FTP server

(yes, both use SSL encryption on the transport)

WHAT IS JAILROOT/CHROOT?

Every process in *NIX systems has a Process Context. This context contains the “absolute path” of the command that led to the creation of the process, e.g.

$ ls

The Process Context shall contain “/bin/ls”. Note that the process has visibility up to “/”. The hacker may somehow access all directories below “/”, as they are within that visibility. This is insecure.

We decrease the visibility of the process by creating an altogether separate directory called CHROOT or JAILROOT. For example, if /dir1/dir2/chroot-dir is the JAILROOT directory in our configuration, then a process run from a login within this directory shall have no knowledge of anything above “/dir1/dir2/chroot-dir/”. For this process, /dir1/dir2/chroot-dir/ is “/” in its process context.

CREATE USER WHO WILL BE ALLOWED TO LOGIN THROUGH SFTP

sage ~]# useradd sftp-user

Make sftp-server as login shell for that user.

sage ~]# usermod -s /bin/false sftp-user

CREATE JAILROOT DIRECTORY

sage ~]# mkdir /chroot-dir && chown root:sftp-user /chroot-dir && chmod 750 /chroot-dir

MODIFY SSH SERVER CONFIGURATION TO ENABLE SFTP IN CHROOT

sage ~]# vi /etc/ssh/sshd_config

#Subsystem sftp /usr/libexec/sftp-server
Subsystem sftp internal-sftp
ChrootDirectory /chroot-dir

ADD /usr/libexec/openssh/sftp-server AS A VALID LOGIN SHELL

sage ~]# echo '/usr/libexec/openssh/sftp-server' >> /etc/shells
sage ~]# /etc/init.d/sshd restart

TEST SFTP

bash~$ sftp sftp-user@hostname.domain
Connecting to hostname.domain...
sftp-user@hostname.domain's password:
sftp> ls
sftp> quit
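sshd refuses a chrooted login unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, which is why the jail above is created as root-owned with mode 750. The script below is an added example, not part of the original article, that checks a path against that rule before sshd is restarted; the function names and the optional UID argument are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check for the
# directory named in sshd_config's ChrootDirectory. sshd requires every
# component of that path to be a root-owned directory that is not writable
# by group or others. Function names here are this example's own.

# check_component DIR [UID]: verify one directory. UID defaults to 0 (root);
# the parameter exists only so the check can be exercised without root.
check_component() {
    dir=$1; want_uid=${2:-0}
    # ls -ldn prints numeric ids: "<mode> <links> <uid> <gid> ..."
    line=$(ls -ldn -- "$dir" 2>/dev/null) || { echo "FAIL $dir: cannot stat"; return 1; }
    read -r mode _links uid _rest <<EOF
$line
EOF
    case $mode in
        d*) ;;
        *) echo "FAIL $dir: not a directory"; return 1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    case $mode in
        d????w*|d???????w*) echo "FAIL $dir: group/other writable ($mode)"; return 1 ;;
    esac
    echo "ok   $dir ($mode uid=$uid)"
}

# check_chroot_path PATH [UID]: apply check_component to PATH and to each
# parent directory up to "/". Returns non-zero if any component fails.
check_chroot_path() {
    path=$1; want=${2:-0}; rc=0
    case $path in
        /*) ;;
        *) echo "FAIL $path: must be an absolute path"; return 1 ;;
    esac
    while :; do
        check_component "$path" "$want" || rc=1
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Run as: sh check-chroot.sh /chroot-dir   (script name is illustrative)
if [ $# -gt 0 ]; then check_chroot_path "$@"; fi
```

Because the jail root itself cannot be writable by the SFTP user, uploads need a subdirectory inside it that the user owns.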
