SSH_RunDirect is a program that allows you to set up an SSH server account with fine control over what commands/sub-systems are allowed to run when connected through SSH. Using this program, you can setup a secure SFTP only server account with chrooted jail. It provides a more secure solution than SSH.com's chrooted jail setup feature, and it's more flexible.
Setting up a server account to allow others to do secure file transfer with it but not running other commands using its privilege is a tricky job. The following are 3 configurations that look like a solution for the requirement, but they all have problems:
Using “command=” option for the key in OpenSSH's authorized_keys or SSH's authorization file.
Setting up a chroot jail at the account's HOME directory, like the way used by ssh.com's chroot configuration and the chroot patch for OpenSSH.
Change the account's SHELL in /etc/passwd to /usr/libexec/sftp-server.
The main problem with these 3 configurations are the client is able to overwrite .ssh/authorized_keys or .ssh2/authorization file, so to take over control on who is allowed to connect with the server account, and make the “command=” option useless.
Another problem with OpenSSH server is the client could be able to setup some environment variables to change the behavior of sftp-server program.
There is another problem with the first configuration: by changing contents of the account's SHELL profile/rc files under his/her home directory, a client could directly run arbitrary commands on the server or make the account owner run the commands when the owner logs on to the server later.
SSH_RunDirect is the best solution for you to solve all these security problems and gives you more.
The following is a sample SSH_RunDirect configuration from which you may get a rough idea of what SSH_RunDirect can do for you:
After proper setup of the chroot environment under /var/sftproot and with /usr/bin/scp, /usr/libexec/sftp-server and /bin/dd exist in the chroot environment, a server account with the above SSH_RunDirect configuration could add keys with “command=/usr/bin/scp”, “command=/usr/libexec/sftp-server” and “command=/bin/dd” for clients to run scp, sftp, or “tar cvf – files|ssh account@server dd of=backup.tar” to transfer files with the server account in chrooted jail (under /var/sftproot) environment, with maximum file size limited to 100000000 bytes and file creation umask set to 07. And with “shell=/bin/bash”, the account owner is still able to log on to access command line. However, if you want, by removing the “shell=/bin/bash” directive, the account will be limited to SSH connection for scp, sftp or running the dd command only, and setting “command=” options to keys become not necessary.
With SSH_RunDirect, you can setup multiple accounts on the server to share the same chrooted jail environment for specific command execution through SSH. For example, your server may run several applications and more than one of them need data files from other applications on other machines, to not let one application see the other's data files, you can create seperate uploading directories under /var/sftproot:
Combined with AutoSFTP software, Ausec presents you a unique solution for true automated, real secure SFTP.
You can download SSH_RunDirect software (which comes together with AutoSFTP) and apply for a free DEMO license from our home page.