The latest releases of ProFTPd contain a module called mod_sftp. Yes. This is just the thing I was searching for for years, trying to achieve chrooted SSH with OpenSSH (see the internal SFTP option), but now with a much better solution.
But the thing is... Ubuntu's latest LTS, 10.04, only has an older version of ProFTPd. Compile? Yes, that's one solution, the hardcore way. The lazy way: Debian Sid, the current unstable version, and its packages:
First, the two dependency packages:
And ProFTPd itself:
- proftpd-basic3
Install them:
dpkg -i *
Edit /etc/proftpd/modules.conf: comment out the following line, we don't need it for now.
LoadModule mod_tls.c
Then add a line:
LoadModule mod_sftp.c
Also, edit /etc/proftpd/proftpd.conf, and add the following:
<IfModule mod_sftp.c>
SFTPEngine on
SFTPLog /var/log/proftpd/sftp.log
TransferLog /var/log/proftpd/xferlog-sftp.log
# Configure the server to listen on the normal SSH2 port, port 22
Port 22
# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key
# Configure the file used for comparing authorized public keys of users.
SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys
# Enable compression
SFTPCompression delayed
# Allow the same number of authentication attempts as OpenSSH.
#
# It is recommended that you explicitly configure MaxLoginAttempts
# for your SSH2/SFTP instance to be higher than the normal
# MaxLoginAttempts value for FTP, as there are more ways to authenticate
# using SSH2.
MaxLoginAttempts 3
</IfModule>
You'll also need to change the port of the OpenSSH server, since ProFTPd is now configured to listen on port 22, but that's recommended anyway.
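A practical catch with the SFTPAuthorizedUserKeys line above: mod_sftp's documentation describes that file as holding keys in RFC 4716 format, not the one-line format of OpenSSH's ~/.ssh/authorized_keys, so a straight copy of that file will not authenticate. The converter below is an added example, not part of the original post or of ProFTPd; its function names and sample keys are constructed for illustration, and for a single key `ssh-keygen -e -f key.pub` produces the same framing.

```python
import base64

def parse_openssh_line(line):
    """Return (key_type, blob_b64, comment) for one authorized_keys line, or None."""
    fields = line.split()
    # Options (no-pty, from="...") may come first: find the "<type> <base64>" pair.
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # The blob starts with a length-prefixed copy of the key type name.
        n = int.from_bytes(blob[:4], "big")
        if blob[4:4 + n] == fields[i].encode():
            return fields[i], fields[i + 1], " ".join(fields[i + 2:])

def to_rfc4716(blob_b64, comment=""):
    """RFC 4716 framing, lines of at most 72 bytes; long comments are truncated."""
    out = ["---- BEGIN SSH2 PUBLIC KEY ----"]
    if comment:
        out.append('Comment: "%s"' % comment.replace('"', "")[:60])
    out += [blob_b64[i:i + 70] for i in range(0, len(blob_b64), 70)]
    out.append("---- END SSH2 PUBLIC KEY ----")
    return "\n".join(out) + "\n"

def convert_authorized_keys(text):
    """Convert a whole OpenSSH authorized_keys file; raise on unparseable lines."""
    blocks = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parsed = parse_openssh_line(line)
        if parsed is None:
            raise ValueError("line %d: not an OpenSSH public key" % lineno)
        blocks.append(to_rfc4716(parsed[1], parsed[2]))
    return "".join(blocks)

def constructed_blob(key_type):
    # Constructed sample: correct type framing, filler body. Not a usable key.
    raw = len(key_type).to_bytes(4, "big") + key_type.encode() + bytes(range(200))
    return base64.b64encode(raw).decode()

SAMPLE = "\n".join([
    "# constructed sample input, not real keys",
    "ssh-rsa %s alice@laptop" % constructed_blob("ssh-rsa"),
    'no-pty,from="10.0.0.5" ssh-dss %s bob@desk' % constructed_blob("ssh-dss"),
])

if __name__ == "__main__":
    print(convert_authorized_keys(SAMPLE), end="")
```

OpenSSH key options such as `no-pty` or `from=` are dropped by the conversion, so any restriction they expressed has to be re-created in the ProFTPd configuration.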
(Oh, by the way: this entry was written by Peter Molnar, and originally posted on petermolnar dot net.)