Monday, November 25, 2019
Secure FTP Server in Chroot Jail Environment Essays
Often SFTP is confused with FTPS. Well, they are different:

SFTP - Part of SSH server
FTPS - Secure implementation of FTP server
(yes, both use SSL encryption on the transport)

WHAT IS JAILROOT/CHROOT?

Every process in *NIX systems has a Process Context. This context contains the absolute path of the command that led to the creation of the process, e.g.

$ ls

The Process Context shall contain /bin/ls. Note that the process has visibility all the way up to /. An attacker may somehow access all directories below /, as they are visible to the process. This is insecure. We decrease the visibility of the process by creating a separate directory called the CHROOT or JAILROOT. For example, if /dir1/dir2/chroot-dir is the JAILROOT directory in our configuration, then a process run from a login within this directory shall have no knowledge of anything above /dir1/dir2/chroot-dir/. For this process, /dir1/dir2/chroot-dir/ is the / in its process context.

CREATE USER WHO WILL BE ALLOWED TO LOGIN THROUGH SFTP

sage ~]# useradd sftp-user

Make sftp-server the login shell for that user.

sage ~]# usermod -s /bin/false sftp-user

CREATE JAILROOT DIRECTORY

sage ~]# mkdir /chroot-dir
sage ~]# chown root:sftp-user /chroot-dir
sage ~]# chmod 750 /chroot-dir

MODIFY SSH SERVER CONFIGURATION TO ENABLE SFTP IN CHROOT

sage ~]# vi /etc/ssh/sshd_config

#Subsystem sftp /usr/libexec/sftp-server
Subsystem sftp internal-sftp
ChrootDirectory /chroot-dir

ADD /usr/libexec/openssh/sftp-server AS A VALID LOGIN SHELL

sage ~]# echo /usr/libexec/openssh/sftp-server >> /etc/shells
sage ~]# /etc/init.d/sshd restart

TEST SFTP

bash~$ sftp [emailprotected] domain
Connecting to hostname.domain
[emailprotected] domain's password:
sftp> ls
sftp> quit