


Socialtools.StandardRssh r1.1 - 03 Jul 2005 - 22:11 - TWikiGuest


rssh Restricted Shell

rssh version

Tested with rssh 2.2.3.

Introduction

rssh is a shell that's meant to be used with SSH; it allows people to transfer files using scp and sftp, but doesn't allow them to log in using ssh. It can also show users a chrooted view of the filesystem, so they can only see files in a particular directory.

This is particularly useful for users who want to maintain static HTML pages on a web site. Uploading files using FTP is inherently insecure, so we don't support it. The sftp command provided by OpenSSH is a more secure alternative, but it doesn't have chroot functionality built in, and doesn't provide a way to disallow logins. rssh fills those gaps.

Installation

Requires StandardOpenSsh.

Download the tarball from the rssh web site. Install the attached configure-rssh script as /usr/local/configure-wrappers/configure-rssh and make it executable.

tar zxf rssh-2.1.1.tar.gz
cd rssh-2.1.1
/usr/local/configure-wrappers/configure-rssh
make
sudo make install

Edit /usr/local/rssh/etc/rssh.conf so it contains:

allowscp
allowsftp
chrootpath=/chroot/www

Install the attached make-rssh-chroot.sh script as /usr/local/bin/make-rssh-chroot.sh, make it executable, and run it:

sudo /usr/local/bin/make-rssh-chroot.sh

This creates a chroot jail in /chroot/www, containing everything needed to run scp, sftp and rssh, and a few other bare necessities.

In /etc/init.d/sysklogd, add the following to the value of the SYSLOGD variable:

-a /chroot/www/dev/log

Restart sysklogd:

sudo /etc/init.d/sysklogd restart

For each user, you'll want to create an Apache virtual host, as described in StandardApache. In this example, your virtual host is www.example.info, and user testuser will be able to update the files for that virtual host.

cd /chroot/www/var/www
sudo mkdir -p www.example.info/htdocs
sudo mkdir -p www.example.info/logs
sudo adduser --home /chroot/www/var/www/www.example.info --no-create-home --shell /usr/local/rssh/bin/rssh testuser
sudo cp /etc/passwd /etc/group /chroot/www/etc
cd www.example.info
sudo chown -R testuser:testuser htdocs
sudo ln -s /chroot/www/var/www/www.example.info /var/www/www.example.info

Now create the virtual host configuration in /usr/local/apache/conf, as described in StandardApache, using /var/www/www.example.info as the path to the virtual host.
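
A check for the finished setup, as an added example that is not part of the original page or of rssh: it verifies that rssh.conf enables scp and sftp with an absolute chrootpath, that the account's shell is rssh with a home inside the jail, and that the passwd copy inside the jail is not stale. The function names and the sample files are constructed for illustration.

```sh
# Added example; function names and sample files are constructed, not rssh's.

# Print chrootpath if the config enables scp and sftp and sets an absolute
# chrootpath; fail otherwise. Comments and surrounding blanks are ignored.
rssh_conf_chroot() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "allowscp"  { scp = 1 }
        $0 == "allowsftp" { sftp = 1 }
        /^chrootpath[ \t]*=/ { sub(/^chrootpath[ \t]*=[ \t]*/, ""); path = $0 }
        END { if (scp && sftp && path ~ /^\//) print path; else exit 1 }
    ' "$1"
}

# Args: user, system passwd file, chroot path, rssh binary path.
# Prints "ok" or the first problem found.
check_rssh_user() {
    user=$1 passwd=$2 chroot=$3 rssh=$4
    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd")
    [ -n "$entry" ] || { echo "no such user"; return 1; }
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    [ "$shell" = "$rssh" ] || { echo "shell is $shell, not rssh"; return 1; }
    case $home in
        "$chroot"/*) ;;
        *) echo "home $home is outside $chroot"; return 1 ;;
    esac
    # The jail has its own copy of passwd; it goes stale after adduser.
    grep -qxF -- "$entry" "$chroot/etc/passwd" 2>/dev/null ||
        { echo "stale passwd copy in chroot"; return 1; }
    echo ok
}

# Constructed sample: a throwaway directory standing in for /chroot/www.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc"
    printf '# constructed\nallowscp\nallowsftp\nchrootpath=%s\n' "$d" >"$d/rssh.conf"
    printf 'testuser:x:1001:1001::%s/var/www/www.example.info:%s\n' \
        "$d" /usr/local/rssh/bin/rssh >"$d/passwd"
    cp "$d/passwd" "$d/etc/passwd"
    echo "$d"
}

d=$(make_sample)
check_rssh_user testuser "$d/passwd" "$(rssh_conf_chroot "$d/rssh.conf")" \
    /usr/local/rssh/bin/rssh   # prints "ok"
rm -rf "$d"
```

On a real host, pass /usr/local/rssh/etc/rssh.conf and /etc/passwd instead of the sample files.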

Using rssh

If users need to update files from Windows machines, PuTTY is a good free ssh/sftp implementation for Windows. WinSCP seems to be popular as well. For Mac OS X, there's Fugu.

Attachments

configure-rssh (0.2 K, 25 Oct 2003 - 20:34, BenjaminGeer): /usr/local/configure-wrappers/configure-rssh
make-rssh-chroot.sh (2.0 K, 03 Jul 2005 - 22:11, BenjaminGeer): /usr/local/bin/make-rssh-chroot.sh


Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.