Editing Sftp chroot configuration
Jump to navigation
Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | + | * Read https://askubuntu.com/a/206376 | |
+ | /etc/ssh/[[sshd_config]] | ||
− | |||
− | |||
+ | 1) First step | ||
− | |||
− | |||
− | |||
− | |||
− | |||
#Subsystem sftp /usr/lib/openssh/sftp-server | #Subsystem sftp /usr/lib/openssh/sftp-server | ||
− | Subsystem sftp | + | Subsystem sftp internal-sftp |
− | + | 2) Second step | |
+ | and create a user section at the end of the file (ssh can die respawning if placed after Subsystem line): | ||
[[Match]] User john | [[Match]] User john | ||
[[ChrootDirectory]] [[%h]] | [[ChrootDirectory]] [[%h]] | ||
− | ForceCommand | + | ForceCommand internal-sftp |
− | + | AllowTCPForwarding no | |
X11Forwarding no | X11Forwarding no | ||
Line 26: | Line 22: | ||
* %u (User) | * %u (User) | ||
* %h (home directory) | * %h (home directory) | ||
− | |||
− | |||
− | |||
− | |||
− | |||
Line 40: | Line 31: | ||
X11Forwarding no | X11Forwarding no | ||
− | + | 3) Review privileges from <code>[[ChrootDirectory]]</code> directory | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | == Logs == | |
− | |||
− | |||
− | |||
− | |||
[[scp]] error | [[scp]] error | ||
protocol error: mtime.sec not present | protocol error: mtime.sec not present | ||
Line 65: | Line 43: | ||
'Match LocalPort' in configuration but 'lport' not in connection test specification. | 'Match LocalPort' in configuration but 'lport' not in connection test specification. | ||
− | |||
− | |||
− | |||
− | |||
== See also == | == See also == |
Advertising: