[BlueOnyx:00160] Re: SSH file transfer

Michael Stauber mstauber at blueonyx.it
Tue Jan 13 15:46:42 -05 2009


Hi Jay,

> Is there a way to perform file transfer through SSH in BlueOnyx without
> giving the user access to the whole server directory structure?
> We would like to migrate away from FTP, and utilize a jail within the users
> site for SSH..
> Anyone had any experience with this with BQ or BO ?

At the moment that's not really supported. We simply use the OpenSSH that 
comes with CentOS, so if a user has shell access, he can see a lot of things 
on the server to which he rather should not have read access.

Back on BlueQuartz server admins typically therefore didn't grant people shell 
access.

We're thinking about how this situation can be improved for BlueOnyx.

Of course chrooted jails through SSH sounds like the typical approach. 
However, when you look at the technical requirements for that things get ugly 
pretty fast. For starters we'd have to recompile OpenSSH, as the CentOS5 
provided OpenSSH won't do jails out of the box. Which also means that we'll 
be "out of the loop" when it comes to vulnerabilities in OpenSSH and must be 
pretty much on our toes to quickly provide OpenSSH updates whenever 
necessary. The prospect of that is not really very tempting and that attempt 
to add more security may potentially lead to more serious security 
vulnerabilities.

The next issue is that setting up the actual jails requires some pretty heavy 
scripting efforts on each box. Automating this to a point where it'll work 
reliably for everyone will be a bit tough.

Another approach which is *much* easier to implement and which I'm looking 
into now:

Providing a "SCP only shell".

Means: For each site or user you will be able to choose between ...

- No shell access at all
- Full shell access
- SCP only shell (new)

If set to "SCP only", the user can use an SCP client to upload files by SSH to 
directories he has write access to. 

See: http://sublimation.org/scponly/wiki/index.php/Main_Page

The package "scponly" provides two access methods (each user can only have one 
of them):

"scponly" shell:  He can use an SCP client (like WinSCP) to upload / download. 
He still can see everything that he typically could see through SSH, but he 
can't run commands on the server. So a nosy client can still "snoop" around.

"scponlyc" shell: Chrooted SCP shell. Same as above, but the user's session is 
inside a jail, so only sees "his own stuff".  

Still: The chrooted scponly doesn't work on CentOS5 out of the box, as setting 
up the actual jail is more tricky:

http://sublimation.org/scponly/wiki/index.php/FAQ#Chroot_and_CentOS_5.x

Bottom line: At the moment we're still "lining up the ducks" and evaluating 
the options. But eventually we will provide a secure shell alternative for 
BlueOnyx out of the box.

-- 
With best regards

Michael Stauber
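
Added example, not part of the original message and not BlueOnyx or scponly code: a small audit that sorts accounts from passwd-format input into the access modes described above, and lists the accounts that can still browse the server's filesystem (full shell, or plain "scponly" without the chroot). The sample accounts, the shell install paths and the UID floor of 500 are constructed assumptions; matching is done on the shell's basename only.

```shell
#!/bin/sh
# Classify accounts by login shell into the access modes from the message:
# no shell, full shell, SCP-only (plain "scponly" or chrooted "scponlyc").
classify_shell_access() {
    # $1: lowest UID to report (default 500, assumed regular-user floor)
    awk -F: -v min_uid="${1:-500}" '
        /^#/ || NF < 7      { next }   # comments and malformed lines
        $3 + 0 < min_uid    { next }   # system accounts
        {
            n = split($7, parts, "/")  # basename, so install path is irrelevant
            base = (n > 0) ? parts[n] : ""
            if (base == "scponlyc")                        mode = "scp-only-chroot"
            else if (base == "scponly")                    mode = "scp-only-can-browse"
            else if (base == "nologin" || base == "false") mode = "no-shell"
            else                                           mode = "full-shell"  # empty field means /bin/sh
            printf "%s\t%s\n", $1, mode
        }'
}

# Accounts that can still read outside their own site: full shell users and
# non-chrooted scponly users (who cannot run commands but can look around).
users_can_browse() {
    classify_shell_access "$@" |
        awk -F'\t' '$2 == "full-shell" || $2 == "scp-only-can-browse" { print $1 }'
}

# Constructed sample input in passwd(5) format (hypothetical users and paths).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
alice:x:501:501::/home/alice:/bin/bash
bob:x:502:502::/home/bob:/usr/bin/scponly
carol:x:503:503::/home/carol:/usr/sbin/scponlyc
dave:x:504:504::/home/dave:/sbin/nologin
EOF
}

# Stand-alone run on the sample; on a real box use: classify_shell_access < /etc/passwd
sample_passwd | classify_shell_access
```
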
