Up-to-date alternatives of rssh or scponly

Question

I need:

An scp and sftp server
With chroot-ed environment
With non-login (ssh not allowed for scp/sftp users)

Options and related issues I found:

scponly

No updates since more than 6 years
Does one really need to recompile the whole thing to make changes in the configuration??

rssh

It is told to have plenty of security issues
No updates since plenty of years
The author himself says that "rssh is done. Period"
Ubuntu seems to be maintaining it somehow. Unfortunately, I need it for a CentOS server

ssh-server

It does the job with sftp and the chroot, but not with sftp
Otherwise it seems quite OK

So, I was wondering what other options might be out there, or how does this particular issue get handled by others.

score 7 · Accepted Answer · answered Jul 31 '17 at 16:22

I recommend to just use the common chrooted internal-sftp that is included with most OpenSSH servers. SFTP clients are available on all operating systems so I do not see any problems with adoption.

You might also want to refer to this other serverfault question to allow SFTP but not SSH to assist you with your setup.

score 4 · Answer 2 · answered Aug 01 '17 at 16:20

4

One possibility is ProFTPD's mod_sftp module, which does just what you want (chroot, SCP/SFTP only, no shell).

Hope this helps!

answered Aug 01 '17 at 16:20

Castaglia

3,477
3
24
46

Up-to-date alternatives of rssh or scponly

2 Answers2