Editing Sftp chroot configuration
Jump to navigation
Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | |||
− | |||
== Configuration == | == Configuration == | ||
− | * Read | + | * Read https://askubuntu.com/a/206376 |
+ | /etc/ssh/[[sshd_config]] | ||
+ | 1) Modify <code>[[Subsystem]]</code> to <code>[[internal-sftp]]</code> | ||
− | |||
− | |||
− | |||
#Subsystem sftp /usr/lib/openssh/sftp-server | #Subsystem sftp /usr/lib/openssh/sftp-server | ||
Subsystem sftp [[internal-sftp]] | Subsystem sftp [[internal-sftp]] | ||
− | + | 2) Second step | |
+ | and create a user section at the end of the file (ssh can die respawning if placed after Subsystem line): | ||
[[Match]] User john | [[Match]] User john | ||
[[ChrootDirectory]] [[%h]] | [[ChrootDirectory]] [[%h]] | ||
ForceCommand [[internal-sftp]] | ForceCommand [[internal-sftp]] | ||
− | + | AllowTCPForwarding no | |
X11Forwarding no | X11Forwarding no | ||
Line 40: | Line 38: | ||
X11Forwarding no | X11Forwarding no | ||
− | + | 3) Review privileges from <code>[[ChrootDirectory]]</code> directory | |
− | == | + | == Creating new user == |
[[useradd --create-home]] USERNAME | [[useradd --create-home]] USERNAME | ||
− | + | [[mkdir -p]] HOME_USER/[[.ssh]] | |
− | [[mkdir -p]] | + | [[chown]] |
− | [[ | + | [[chmod]] og-rx /home/USERNAME/.ssh |
− | [[touch]] ~/.ssh/ | + | [[touch]] ~/.ssh/authorized_keys && chmod og-r ~/.ssh/authorized_keys |
− | |||
[[mkdir -p]] /path/to/directory/upload | [[mkdir -p]] /path/to/directory/upload | ||
chmod 777 /path/to/directory/upload | chmod 777 /path/to/directory/upload | ||
− | Add user on [[Match]] section on [[ | + | Add user on [[Match]] section on [[sshd_config]] file |
[[sshd -t]] | [[sshd -t]] | ||
− | [[systemctl restart | + | [[systemctl restart]] sshd |
== Logs == | == Logs == | ||
Line 65: | Line 62: | ||
'Match LocalPort' in configuration but 'lport' not in connection test specification. | 'Match LocalPort' in configuration but 'lport' not in connection test specification. | ||
− | |||
− | == Related | + | == Related commands == |
* <code>[[useradd]] -m USERNAME</code> | * <code>[[useradd]] -m USERNAME</code> | ||
− | |||
== See also == | == See also == |
Advertising: