Hello Rico,

Friday, April 27, 2007, 2:25:59 PM, you wrote:

quoted text
>> I don't know if it is a good idea or not, but I read about
>> this patch yesterday and at first, I was pretty excited. I
>> have been handed the requirement to move an FTP server to
>> "something" more secure.  All the other requirements that 
>> have been given to me for this have very strongly pointed
>> right to SSH/SFTP.  However, I have yet to figure out how
>> to chroot users into their home folders with SFTP and that
>> is unfortuneately what the boss wants.  If someone knows
>> how to do this without patches like these Please let me 
>> know.  Otherwise, I will have to keep looking.  I certianly
>> know enough from lurking on this list to know that if there
>> are this many people on the list opposed to something there
>> has got to be something wrong with it and I don't want it.
>> 
>> No patch for me please!

  We  are  using  the chrootssh.sourceforge.net for our production ftp/sftp
server.   For   an   additional  security  we  set  sftp  users  shell  to
/usr/libexec/openssh/sftp-server. I consider that patch as "semi-official".
But it sounds like you don't want *any* patches.
  You  can  use a commercial ssh - they have chroot feature (similar to the
chrootssh).
  You  can also use ftp over ssh2 (we also use it). ssh does encryption and
authentication, ftp - speed (it's faster than sftp) and chroot. You'll just
need  to set up ssh to listen out and ftp - on the localhost only. Downside
is  that  I  haven't  heard about free client supporting it. But if you can
afford  to  buy something like www.vandyke.com/products/securefx/index.html
for every user (or force them to buy it) - this solution is for you.

-- 
Best regards,
 Boris                            mailto:boris@twopoint.com