FTP is insecure protocol, but file-transfer is required all time. You can use OpenSSH Server to transfer file using SCP and SFTP (secure ftp) without setting up an FTP server. However, this feature also grants ssh shell access to a user. Basically OpenSSH requires a valid shell. Here is how sftp works:
SCP/SFTP -> SSHD -> Call sftpd subsystem -> Requires a shell -> User can login to server and run other commands.
In this article series we will help you provide secure restricted file-transfer services to your users without resorting to FTP. It also covers chroot jail setup instructions to lock down users to their own home directories (allow users to transfer files but not browse the entire Linux / UNIX file system of the server) as well as per user configurations.
rssh ~ a restricted shell
rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp. It now also includes support for rdist, rsync, and cvs. For example, if you have a server which you only want to allow users to copy files off of via scp, without providing shell access, you can use rssh to do that.
Supported operations using rssh
Restricted shell only allows following operations only:
- scp - Secure file copy
- sftp - Secure FTP
- cvs - Concurrent Versions System ~ you can easily retrieve old versions to see exactly which change caused the bug
- rsync - Backup and sync file system
- rdist - Backup / RDist program maintains identical copies of files on multiple hosts.
CentOS / Fedora / RHEL Linux rssh installation
Visit Dag's repo to grab rssh package
# cd /tmp
# wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.i386.rpm
# rpm -ivh rssh-2.3.2-1.2.el5.rf.i386.rpm
Debian / Ubuntu Linux rssh installation
Use apt-get command:
$ sudo apt-get install rssh
# cd /usr/ports/shells/rssh
# make install clean
Make sure you build binary with rsync support.
rssh configuration file
- Default configuration file is located at /etc/rssh.conf (FreeBSD - /usr/local/etc/rssh.conf)
- Default rssh binary location /usr/bin/rssh (FreeBSD - /usr/local/bin/rssh)
- Default port none - ( openssh 22 port used - rssh is shell with security features)
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop