Setting up an Secure FTP Server on Solaris Zone

Create the Zone using the zonecfg command. Here is a sample version of the zone.

Its better to create a Whole rooted zone.

bash# zonecfg -z ftp

One of these zones can be used as an example
*********************************************
zonecfg:ftp> info
zonename: ftp
zonepath: /zones/ftp
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
fs:
        dir: /mnt
        special: /dev/vx/dsk/oradg/zone
        raw: /dev/vx/rdsk/oradg/zone
        type: ufs
        options: [logging,nodevice]
net:
        address: 172.25.58.25/23
        physical: ce1
device
        match: /dev/pts*

***********************************************


Once the Zone has been created boot the zone and log in to the console using the zlogin -C zonename

Before we begin make sure the ld.config file is set with the following path.

bash# crle -l /lib:/usr/lib:/usr/local/lib:/platform/SUNW,Sun-Fire-V490/lib ( Make changes to the sun-fire hardware spcefic)

Log on to the following URL and download the openssh package and also follow the instructions.

http://www.minstrel.org.uk/papers/sftp/

Once the SSH is built make sure the following steps are followed.

Make sure you are logged in to the container through the Console.

issue the follwoing command.

svcadm disable network/ssh

 
This will disable the SSH server that was shipped with solaris.

To make the new ssh server up we need to the follwoing hack.

type the follwoing at the prompt.

bash-3.00# svccfg
svc:> select ssh
svc:/network/ssh
svc:/network/ssh> export ssh > filename.txt
svc:/network/ssh>

Type exit and the file will be located in the current directory from where the command was launched.

edit the file where it reads /etc/ssh to the following.

<service_fmri value='file://localhost/usr/local/etc/sshd_config'/>

Change the SSHD path to the new path ( if sshd is installed under /usr/local/sbin)
Make sure that the start and restart arguments are deleted.

<exec_method name='start' type='method' exec='/usr/local/sbin/sshd ' timeout   _seconds='60'>

<exec_method name='refresh' type='method' exec='/usr/local/sbin/sshd ' timeout_seconds='60'>

Save the file and these new settings have to be imported.

bash-3.00# svccfg
svc:> select ssh
svc:/network/ssh> import filename.txt

exit out and restart the container and the new ssh will be started.


to get the chroot sftp server working the follwoing should be done.

Create the user direcotry before adding the user.

for example.

 mkdir -p /export/home/user1/./

 the add the user with the follwoing command

  useradd -u 1000 -g 1000 -m -d /export/home/user1/./ -s /bin/sftpsh user1

This will add the user and chroot functionality is built in to the sftpserver.


if you have any please mail me at belur-DOT-krishnamurthy-AT-homeinsco.com or Peter at his ID which is on his webpage.