Difference between revisions of "Sftp chroot configuration"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
Tags: Mobile web edit, Mobile edit
Line 12: Line 12:
  
 
  [[Match]] User john
 
  [[Match]] User john
     ChrootDirectory %h
+
     [[ChrootDirectory]] %h
 
     ForceCommand internal-sftp
 
     ForceCommand internal-sftp
 
     AllowTCPForwarding no
 
     AllowTCPForwarding no
Line 25: Line 25:
 
     X11Forwarding no
 
     X11Forwarding no
  
 +
3) Review privileges from <code>[[ChrootDirectory]]</code>  directory
 +
 +
 +
 +
== Logs ==
  
 
[[scp]] error
 
[[scp]] error

Revision as of 16:00, 13 May 2020


1) First step

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp


2) Second step and create a user section at the end of the file (ssh can die respawning if placed after Subsystem line):

Match User john
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTCPForwarding no
   X11Forwarding no


With double Match rule

Match User john LocalPort 2222 
   ChrootDirectory %h
   ForceCommand internal-sftp
   AllowTCPForwarding no
   X11Forwarding no

3) Review privileges from ChrootDirectory directory


Logs

scp error

 protocol error: mtime.sec not present

sshd -T

'Match LocalPort' in configuration but 'lport' not in connection test specification.


See also

Advertising: