Secure file transfer to a web server

zag

Secure file transfer to a hosted server?

Short summary - I have been landed with a job to provide secure (as in encrypted) file transfer to a hosted Linux server.

Solution - use ssh/scp/sftp which encrypts the traffic between host and server.

Problem - it involves giving the user an SSH login and it also seems to be pretty hard to stop them from navigating back up the directory tree and seeing other users' files. Looking at removing eXecute permissions from the parent directory as a possible solution.

I am sure that it is possible to secure the whole process and ring-fence them into their own directory, but I can't track down a howto.

Does anyone have any pointers please?

Alternatively does anyone know any other file transfer mechanisms that encrypt the traffic? Am investigating VPNs but the user is looking for a low-impact solution.

Thanks,

z
 
Clubman - thanks for the reply. Secure FTP at the moment doesn't seem to fit the bill since it runs over SSH (as does SCP) as far as I can tell and this leaves me with the same ring-fencing (or chroot'ing) problem.

The main problem is that if a user looks for a directory listing of / they will get it. If they look for a directory listing of /home they will get it. I am working through this at the moment, but not there yet. The web has turned up the concept of using /home/./username (where /./ is a marker to the SSH server) as the user's home directory, but it doesn't work in this particular instance.

Cheers,

z
 
But with an FTP server you have a virtual root above which the user cannot navigate even if it is physically located in a non root directory. For example the FTP virtual root may be physically located in /foo/bar/ftp/root and nobody can ever change directory to anything above this directory. Maybe I don't fully understand your problem?
 
My problem with basic FTP is that the traffic between server and host isn't encrypted (a requirement for the client) - you can lock a user down to a directory, but when they transfer files the transfer isn't secure.

With SFTP or SCP the traffic is secure but you can't (so far) lock the user down, especially since they have by definition an SSH login and associated shell.

Current web research points to a server called vsftpd which may achieve all the necessary requirements.

Cheers,

z
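
The ring-fencing asked about in this thread, shown as an added example that is not part of any post: an OpenSSH server configuration that confines a group of users to SFTP inside their own directory with no shell. It assumes an OpenSSH version that supports `ChrootDirectory`; the group name `sftponly` and the `upload` subdirectory are hypothetical.

```conf
# /etc/ssh/sshd_config (fragment). Added example; names below are assumptions.
# Assumed group: "sftponly". Assumed writable subdirectory: "upload".

# Use the SFTP server built into sshd, so the chroot needs no
# binaries, libraries or device nodes copied into it.
Subsystem sftp internal-sftp

Match Group sftponly
    # %u expands to the login name, so each user is jailed separately.
    # Every component of this path (/, /home, /home/<user>) must be owned
    # by root and not writable by group or others, or sshd rejects the login.
    ChrootDirectory /home/%u

    # Ignore whatever command or shell the client requests; the session
    # can only speak SFTP, so there is no interactive login to escape from.
    ForceCommand internal-sftp

    # Close the other channels an SSH account would otherwise have.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

# Because the chroot itself is root-owned, the user cannot write to it.
# Uploads go into a subdirectory owned by the user, for example
# /home/<user>/upload (mode 0750), created by the administrator.
```

Inside the session the user sees `/home/<user>` as `/`, so listings of the real `/` and `/home` are not reachable. Check the file with `sshd -t` before reloading the daemon.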