
Secure Sharing

How to Create a Change Root Environment

FTP is one of the most common tools for transferring data over the Web today. However, using FTP to transfer files is no longer a safe option, especially when dealing with sensitive information. Secure FTP (SFTP) allows secure transmission when it's run over the secure shell (SSH) protocol. However, this isn't enough; you also need to create a jailed change root (chroot) environment for user accounts. The following demonstrates how this can be done and how to share directories within a chroot environment.

Take Note

Be sure to have TCP wrappers installed, as this provides extra security by letting you specify which hosts are allowed to connect via the SSH protocol. Only required services should be running. If the server is going to allow SFTP connections only, comment out the FTP entry in /etc/inetd.conf and stop any third-party FTP service, such as very secure FTP.

Also note your version of OpenSSH for AIX. It should be greater than version 5.2 if you wish to enable chroot SFTP without issues. For this demonstration, we're using:

# oslevel -s
7100-00-03-1115
# ssh -V
OpenSSH_5.8p1, OpenSSL 0.9.8r 8 Feb 2011

Create the User

To ensure that a user cannot log in directly at all (rlogin, telnet and SSH), it is not enough to set the user account attributes to:

login=false and rlogin=false

You will also need to set the user's shell to false, for example /usr/bin/false, instead of a normal shell environment such as /usr/bin/ksh.
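
A check for the three settings above, as an added example that is not from the original article: it parses records in the "name attr=value" form that AIX lsuser -a login rlogin shell ALL prints and lists accounts that still have a direct login path. The account names and sample records are constructed, /usr/bin/false is taken from the article's example, and a missing attribute is treated as not locked.

```shell
#!/bin/sh
# Added example: audit lsuser-style records for SFTP-only accounts.
# On AIX, real input would come from:  lsuser -a login rlogin shell ALL
# Record format:  name login=false rlogin=false shell=/usr/bin/false

# audit_sftp_users: reads records on stdin and prints one line per account
# that is not fully locked, naming each attribute that still needs changing.
audit_sftp_users() {
    awk '
    function show(v) { return v == "" ? "unset" : v }
    NF == 0 || /^#/ { next }                 # skip blank lines and comments
    {
        user = $1; login = ""; rlogin = ""; shell = ""
        for (i = 2; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue            # not an attr=value field
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "login") login = val
            else if (key == "rlogin") rlogin = val
            else if (key == "shell") shell = val
        }
        problems = ""
        # All three settings must hold; any one alone leaves a login path.
        if (login != "false") problems = problems " login=" show(login)
        if (rlogin != "false") problems = problems " rlogin=" show(rlogin)
        if (shell != "/usr/bin/false") problems = problems " shell=" show(shell)
        if (problems != "") print user ":" problems
    }'
}

# Constructed sample records (hypothetical account names).
sample_users() {
    cat <<'EOF'
sftpuser1 login=false rlogin=false shell=/usr/bin/false
sftpuser2 login=false rlogin=false shell=/usr/bin/ksh
sftpuser3 login=true rlogin=false shell=/usr/bin/false
EOF
}

# Stand-alone run: report the sample accounts that are not fully locked.
sample_users | audit_sftp_users
```

sftpuser2 is the case the article warns about: both login attributes are false, but the account still has a working shell.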

David Tansley is a freelance writer and an IBM Champion.


