As many people might know, I am a bit security paranoid when it comes to my servers and sending stuff over the Internet in plain text. Therefore I have been using SFTP and SSH whenever I needed to send something over the Internet to my servers.
SFTP does, however, have a downside: in order to get the security of data encryption using SFTP, you have to create a user account on the server with a valid shell, and every user would therefore have read access to the whole system, which is a security risk.
One of the solutions would be to make a chroot for each user on the server, but this is both time-consuming and a complete waste of space.
I finally found a good solution: there is a patched version of OpenSSH which adds a chroot feature for making SFTP-only connections. This, however, does not allow the user to use a shell as well; it's either SFTP or SSH, not both. If you need both, you will have to create a chroot for every user.
There is, however, a problem with the new patch: the author only gives guidance for a source installation or for OpenBSD, but my servers are running Debian Etch and Ubuntu (7.04 and 7.10), so there are some new steps in order to get it working the Debian way.