Difference between revisions of "Sftp chroot configuration"
Jump to navigation
Jump to search
Tags: Mobile web edit, Mobile edit |
Tags: Mobile web edit, Mobile edit |
||
Line 12: | Line 12: | ||
[[Match]] User john | [[Match]] User john | ||
− | ChrootDirectory %h | + | [[ChrootDirectory]] %h |
ForceCommand internal-sftp | ForceCommand internal-sftp | ||
AllowTCPForwarding no | AllowTCPForwarding no | ||
Line 25: | Line 25: | ||
X11Forwarding no | X11Forwarding no | ||
+ | 3) Review privileges from <code>[[ChrootDirectory]]</code> directory | ||
+ | |||
+ | |||
+ | |||
+ | == Logs == | ||
[[scp]] error | [[scp]] error |
Revision as of 16:00, 13 May 2020
1) First step
#Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp
2) Second step
and create a user section at the end of the file (ssh can die respawning if placed after Subsystem line):
Match User john ChrootDirectory %h ForceCommand internal-sftp AllowTCPForwarding no X11Forwarding no
With double Match rule
Match User john LocalPort 2222 ChrootDirectory %h ForceCommand internal-sftp AllowTCPForwarding no X11Forwarding no
3) Review privileges from ChrootDirectory
directory
Logs
scp error
protocol error: mtime.sec not present
'Match LocalPort' in configuration but 'lport' not in connection test specification.
See also
Advertising: