How to grant secure access to an untrusted developer to an exisiting virtual host?

Posted by Margaret Thorpe on Server Fault See other posts from Server Fault or by Margaret Thorpe
Published on 2010-05-26T12:16:14Z Indexed on 2010/05/26 12:21 UTC
Read the original article Hit count: 309

Filed under:

ssh

|

sftp

Our security policy does not permit ftpd on our servers. Our trusted developers use ftps to access our webservers and they have full access to the server. How do we grant limited access to a single untrusted developer for an existing virtual host. Ive configured rssh to only allow sftp to our untrusted developer, but we dont want him browsing around our other sites. I've investigated chroot, but it seems overly complex and more for restricting access to their home folders. I want to limit access to /srv/www/vhostx/ and below.

Whats the best solution?

© Server Fault or respective owner

Related posts about ssh

Problem with hadoop start-dfs.sh

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I installed and configured hadoop on my Ubuntu 14.04 server, virtualized inside of hyper-v, however I am getting an issue when i run start-dfs.sh root@sUbuntu01:/var/log# start-dfs.sh 14/06/04 15:27:08 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java… >>> More
SSH problems (ssh_exchange_identification: read: Connection reset by peer)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I was running 11.10 and decided to do the full upgrade and come up to 12.04 after the update SSH (not SSHD) is now misbehaving when attempting to connect to other OpenSSH instances. I say OpenSSH as I am running a DropBear sshd on my router and I am able to connect to it. When attempting to connect… >>> More
SSH main process ended

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a running ubuntu server 10.04.1. When I tried to login to the server via ssh, I could not. Instead, I got connection refused error. I tried to ping the machine and I got reply! So, the clear reason is that SSH daemon is stopped. After reboot, I was able to login to my server via ssh. After… >>> More
SSH server not working (respawns until stopped)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a running Ubuntu Server 10.04.1. When I tried to login to the server via ssh, I could not. Instead, I got connection refused error. I tried to ping the machine and I got reply! So, the clear reason is that SSH daemon is stopped. After reboot, I was able to login to my server via ssh. After… >>> More
Cannot SSH after resetting firewall on VPS

as seen on Server Fault - Search for 'Server Fault'
I'm having trouble trying to SSH to my Debian 5 VPS with blacknight. It was working fine until I did the following: Logged into 'Parallels Infrastructure Manager' - Container - Firewall - Set to 'Normal Firewall settings'. It told me there was an error with the IPTables and offered the option again… >>> More

Related posts about sftp

Need a non-GUI SFTP tool better than "sftp"

as seen on Super User - Search for 'Super User'
'sftp' is seriously lacking relative to, say, ncftp: it has no command memory, no Tab-completion of file names, and so on. Is there a non-GUI tool for SFTP that people recommend? >>> More
Need a non-GUI SFTP tool better than "sftp"

as seen on Server Fault - Search for 'Server Fault'
'sftp' is seriously lacking relative to, say, ncftp: it has no command memory, no Tab-completion of file names, and so on. Is there a non-GUI tool for SFTP that people recommend? >>> More
SFTP jail & Keeping file ownership the same / File owner per folder

as seen on Server Fault - Search for 'Server Fault'
I want to setup a jailed SFTP account for a subfolder of another user's home folder, but want the owner of everything in that subfolder to stay the same, including new files and folders uploaded and created by the sftp user, while still allowing access to the files and folders of that subfolder as… >>> More
Enabling SFTP Access within PLESK

as seen on Server Fault - Search for 'Server Fault'
Hello everyone, I have a client who wants to ensure his upload is secure, so we are trying to enable SFTP for him on our Linux PLESK server. I have enabled SSH access to bin/bash for FTP accounts, and created a new user. When I attempt to SFTP using either the IP address or the domain name, this… >>> More
Free solution to backup folders to external SFTP server with shadow copy

as seen on Super User - Search for 'Super User'
I have an account in university on Linux machine with 10TB of free space accessible via SFTP. I would like to backup my Windows 7 x64 laptop to university. Currently I am using rsync+cygwin, but backup is pretty slow (without shadow copy) and I hate console window appearing every day on my screen… >>> More