Setting up a Secure FTP Server in a Solaris Zone
Create the zone using the zonecfg command. Here is a sample zone configuration.
It's better to create a whole-root zone.
bash# zonecfg -z ftp
One of these zones can be used as an example
*********************************************
zonecfg:ftp> info
zonename: ftp
zonepath: /zones/ftp
brand: native
autoboot: true
bootargs:
pool:
limitpriv:
scheduling-class:
ip-type: shared
fs:
    dir: /mnt
    special: /dev/vx/dsk/oradg/zone
    raw: /dev/vx/rdsk/oradg/zone
    type: ufs
    options: [logging,nodevice]
net:
    address: 172.25.58.25/23
    physical: ce1
device
    match: /dev/pts*
***********************************************
Once the zone has been created, boot it and log in to the console using zlogin -C zonename.
Before we begin, make sure the runtime linker configuration (ld.config) is set with the following library path.
bash# crle -l /lib:/usr/lib:/usr/local/lib:/platform/SUNW,Sun-Fire-V490/lib
(Change the SUNW,Sun-Fire-V490 part of the path to match your own hardware.)
Go to the following URL, download the OpenSSH package and follow the instructions there.
http://www.minstrel.org.uk/papers/sftp/
Once SSH is built, make sure the following steps are followed.
Make sure you are logged in to the container through the console.
Issue the following command.
svcadm disable network/ssh
This will disable the SSH server that was shipped with Solaris.
To bring up the new SSH server we need the following hack.
Type the following at the prompt.
bash-3.00# svccfg
svc:> select ssh
svc:/network/ssh
svc:/network/ssh> export ssh > filename.txt
svc:/network/ssh>
Type exit and the file will be located in the current directory from where the command was launched.
Edit the file where it reads /etc/ssh to the following.
Change the sshd path to the new path (if sshd is installed under /usr/local/sbin).
Make sure that the start and restart arguments are deleted.
Save the file; these new settings then have to be imported.
bash-3.00# svccfg
svc:> select ssh
svc:/network/ssh> import filename.txt
Exit out and restart the container, and the new SSH server will be started.
To get the chroot SFTP server working, the following should be done.
Create the user directory before adding the user.
For example:
mkdir -p /export/home/user1/./
Then add the user with the following command:
useradd -u 1000 -g 1000 -m -d /export/home/user1/./ -s /bin/sftpsh user1
This will add the user; the chroot functionality is built in to the SFTP server.
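The account layout above can be checked mechanically. The script below is an added example, not part of the original instructions or of the OpenSSH package: it audits passwd-format entries for accounts that use /bin/sftpsh. It assumes the usual convention that the path before the /./ marker in the home directory is the chroot root; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit passwd-format entries for the chroot SFTP layout above.
# Assumption: the path before "/./" in the home directory is the chroot root.

SFTP_SHELL=/bin/sftpsh   # restricted shell from the useradd line above

# chroot_root HOME: print the chroot root; fail if HOME has no usable marker
chroot_root() {
    case "$1" in
        */./*) root=${1%%/./*}
               [ -n "$root" ] || return 1   # "/./x" would mean a chroot to /
               printf '%s\n' "$root" ;;
        *)     return 1 ;;
    esac
}

# audit_entry LINE: returns 0 = confined, 1 = misconfigured, 2 = not an SFTP account
audit_entry() {
    user=$(printf '%s\n' "$1" | cut -d: -f1)
    home=$(printf '%s\n' "$1" | cut -d: -f6)
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    if [ "$shell" != "$SFTP_SHELL" ]; then
        echo "$user: SKIP (shell is $shell)"; return 2
    fi
    if ! root=$(chroot_root "$home"); then
        echo "$user: FAIL (home $home has no usable /./ marker)"; return 1
    fi
    echo "$user: OK (chroot root $root)"
}

# audit_all: read passwd lines on stdin; exit status = number of FAIL entries
audit_all() {
    fails=0
    while IFS= read -r line; do
        rc=0
        audit_entry "$line" || rc=$?
        if [ "$rc" -eq 1 ]; then fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Constructed sample entries, not taken from a real system
SAMPLE='user1:x:1000:1000::/export/home/user1/./:/bin/sftpsh
user2:x:1001:1000::/export/home/user2:/bin/sftpsh
admin:x:100:1::/export/home/admin:/bin/bash'

printf '%s\n' "$SAMPLE" | audit_all || echo "misconfigured accounts: $?"
```

Inside the zone, run audit_all < /etc/passwd to check the real accounts.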
If you have any questions, please mail me at belur-DOT-krishnamurthy-AT-homeinsco.com or Peter at his ID, which is on his webpage.