0

I have a customer who wants me to get an SFTP server. I am using a FileZilla server for normal FTP and I am currently trying to make an SFTP server by using FreeSSHd on a win2003 enterprise server.

I have tested the SSH connection with FileZilla and WinSCP clients, and both of them can connect to the SFTP server using the key that is generated + name and password.

The problem at this moment is that if the customer decides to use PuTTY and uses the key + name and pass, he can get into the root of the server, seeing other documents which he shouldn't be allowed to see.

So the question is:

How can I limit the rights of the customer if he or she decides to connect through an SSH client? This is so I can prevent customers from seeing documents from each other.

2 Answers

0

Chroot is not an option on an MS Windows box, but you can restrict access using the standard NTFS permission ACLs. Failing that, you could just export the directory as a fileshare and mount it on a dedicated box running the SFTP server.

symcbean
0

FreeSSHd runs only under a user with administrator rights. You connect with a different user (which might be a non-Windows user), but you run in Windows through the Windows user currently used by FreeSSHd. It seems there is no easy solution. Restricting access rights is a way to go if rights cannot be escalated from SSH. It is true that escalation can be signaled, but it could be too late depending on your environment.
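For the NTFS ACL approach suggested in the first answer, a check like the following can confirm that no customer directory carries an ACE for another customer or for a broad group such as Users. It is an added example, not part of either answer; the host name SRV01, the `D:\sftp\<account>` layout and the sample `icacls` output are constructed assumptions, and the check only helps if sessions touch files as each customer's own Windows account, which is the concern raised in the second answer.

```python
import re

# Constructed sample of `icacls D:\sftp\*` output (hypothetical host, paths, accounts).
SAMPLE = r"""D:\sftp\alice BUILTIN\Administrators:(OI)(CI)(F)
              NT AUTHORITY\SYSTEM:(OI)(CI)(F)
              SRV01\alice:(OI)(CI)(M)

D:\sftp\bob BUILTIN\Administrators:(OI)(CI)(F)
            NT AUTHORITY\SYSTEM:(OI)(CI)(F)
            SRV01\bob:(OI)(CI)(M)
            SRV01\alice:(OI)(CI)(RX)
            BUILTIN\Users:(I)(OI)(CI)(RX)

Successfully processed 2 files; Failed processing 0 files
"""

ADMIN_PRINCIPALS = {"builtin\\administrators", "nt authority\\system"}  # always allowed
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(text):
    """Return {path: [(principal, flags), ...]}; assumes paths contain no spaces."""
    acls, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            continue
        if not line[0].isspace():          # new object: "<path> <first ACE>"
            current, _, line = line.partition(" ")
            acls[current] = []
        m = ACE_RE.match(line.strip())
        if m and current is not None:
            acls[current].append((m["who"], m["flags"]))
    return acls

def cross_customer_aces(acls):
    """List (path, principal, flags) for ACEs that break per-customer isolation."""
    findings = []
    for path, aces in acls.items():
        owner = path.rsplit("\\", 1)[-1].lower()  # assumption: dir name == account name
        for who, flags in aces:
            account = who.rsplit("\\", 1)[-1].lower()
            if who.lower() in ADMIN_PRINCIPALS or account == owner:
                continue
            findings.append((path, who, flags))   # includes any deny ACE, for review
    return findings

if __name__ == "__main__":
    for path, who, flags in cross_customer_aces(parse_icacls(SAMPLE)):
        print(f"{path}: unexpected ACE {who} {flags}")
```

An `(I)` flag in a finding means the ACE is inherited from the parent directory, so the fix belongs on the parent or on the directory's inheritance setting rather than on the ACE itself.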