Difference between revisions of "Sftp chroot configuration"
Line 56: | Line 56: | ||
[[sshd -t]] | [[sshd -t]] | ||
− | [[systemctl restart sshd]] | + | [[systemctl restart sshd]] && [[systemctl status sshd]] |
== Logs == | == Logs == |
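Review bot: the new `&&` chain on the `+` line starts at `systemctl restart sshd`, so `sshd -t` on the preceding context line is still unchained and a failed configuration test does not prevent the restart; a broken sshd_config would then take the daemon down. Chain all three, `sshd -t && systemctl restart sshd && systemctl status sshd`, so the restart only runs after the config test passes.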
Revision as of 07:53, 21 April 2021
OpenSSH 4.9+ (2008) includes a built-in chroot for SFTP.
Configuration
- See Ask Ubuntu, How can I chroot sftp-only SSH users into their homes? https://askubuntu.com/a/206376
1) Modify Subsystem to internal-sftp
Edit the /etc/ssh/sshd_config file, commenting out the external sftp-server and using the built-in one:
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
2) Create a user Match block at the end of the file (every directive that follows a Match line belongs to that block, so sshd can fail to start if the Subsystem line ends up after it)
Match User john
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTCPForwarding no
    X11Forwarding no
Other tokens:
- %u (user name)
- %h (home directory)
Multiple users:
Match User USER1,USER2
With a double Match rule (user and local port):
Match User john LocalPort 2222
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTCPForwarding no
    X11Forwarding no
3) Review the privileges of the ChrootDirectory directory (sshd requires the chroot directory and every parent directory to be owned by root and not writable by group or others, otherwise the connection is refused with a "bad ownership or modes for chroot directory" error)
4) Create a new user account
useradd --create-home USERNAME
su - USERNAME
mkdir -p ~/.ssh
chmod og-rxw ~/.ssh
touch ~/.ssh/authorized_keys && chmod og-rw ~/.ssh/authorized_keys
passwd USERNAME
Create a writable upload directory inside the chroot (the chroot directory itself stays root-owned and non-writable):
mkdir -p /path/to/directory/upload
chmod 777 /path/to/directory/upload
Add the user to the Match section of the /etc/ssh/sshd_config file, then test the configuration and restart the daemon:
sshd -t
systemctl restart sshd && systemctl status sshd
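Step 3 is the part of this procedure that is easiest to get wrong, so here is an added example (not part of the wiki page) that applies sshd's ChrootDirectory rules to a path before the daemon is restarted: every component from the chroot directory up to / must be root-owned and not group/world writable. It assumes a Linux host with GNU or BusyBox `stat -c`.

```shell
#!/bin/sh
# Added example: emulate the ownership/permission rules sshd applies
# to ChrootDirectory. Assumes `stat -c %u` / `stat -c %a` (Linux).

# chroot_component_ok UID MODE: return 0 if one path component is
# acceptable as part of a chroot chain, 1 otherwise.
# MODE is the octal mode as printed by `stat -c %a` (e.g. 755, 1777).
chroot_component_ok() {
    uid=$1
    mode=$2
    # Must be owned by root.
    [ "$uid" -eq 0 ] || return 1
    # The last two octal digits are the group and other permission
    # sets; a write bit (digit 2, 3, 6 or 7) in either makes it unsafe.
    case "$mode" in
        *[2367][0-7]) return 1 ;;   # group-writable
        *[2367])      return 1 ;;   # world-writable
    esac
    return 0
}

# check_chroot_path DIR: walk from DIR up to / and report the first
# component that violates the rules. Returns 0 when the chain is clean.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1"
        return 1
    }
    while :; do
        uid=$(stat -c %u "$dir") || return 1
        mode=$(stat -c %a "$dir") || return 1
        if ! chroot_component_ok "$uid" "$mode"; then
            echo "unsafe ChrootDirectory component: $dir (uid $uid, mode $mode)"
            return 1
        fi
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
}

# Usage: check_chroot_path /home/john   (the %h of the Match block)
```

A world-writable upload subdirectory like the one created in step 4 is fine because only the chroot directory and its parents are checked, not its children.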
Logs
scp error:
protocol error: mtime.sec not present
sshd -T error (the configuration has a Match LocalPort rule but the -C connection specification passed to sshd -T does not include lport=):
'Match LocalPort' in configuration but 'lport' not in connection test specification.
See also: LogLevel