Difference between revisions of "Sftp chroot configuration"

Configuration

• Read https://askubuntu.com/a/206376

/etc/ssh/sshd_config

1) Modify Subsystem to internal-sftp

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

2) Create a user section at the end of the file (ssh can die respawning if placed after Subsystem line)

Match User john
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTCPForwarding no
   X11Forwarding no

Others:

• %u (User)
• %h (home directory)

Multiple users:

 Match User USER1,USER2

With double Match rule

Match User john LocalPort 2222 
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTCPForwarding no
   X11Forwarding no

3) Review privileges from ChrootDirectory directory

Creating a new user

useradd --create-home USERNAME
mkdir -p HOME_USER/.ssh
chown
chmod og-rx /home/USERNAME/.ssh
touch ~/.ssh/authorized_keys && chmod og-r ~/.ssh/authorized_keys

mkdir -p /path/to/directory/upload
chmod 777 /path/to/directory/upload

Add user on Match section on sshd_config file

sshd -t
systemctl restart sshd

Logs

scp error

 protocol error: mtime.sec not present

sshd -T

'Match LocalPort' in configuration but 'lport' not in connection test specification.

Related commands

• useradd -m USERNAME

See also

• sftp, sftp chroot configuration, Filezilla, Core FTP, sshfs, internal-sftp, sshd_config, SFTP protocol, Secure file transfer program (sftp)
• rsync, scp, sftp, rsnapshot, rclone, rdiff
• sshd, sshd logs, sshd -t, sshd -T, sshd_config, sftp