Chrooted SFTP-only users along with normal SFTP
Martin
martin at libtec.org
Mon Aug 3 08:08:34 AEST 2015
Hi!

I want to set up an OpenSSH server which restricts some users to only
chrooted SFTP, while others have full/normal ssh, scp and sftp access.

Most or all guides on the web say that I should enable the config line
"Subsystem sftp internal-sftp" among other things, but I've found out
that this only causes non-restricted users to not be able to use SFTP at
all, only the chrooted users. Without it users can still be
chrooted and forced to use only SFTP - all seems fine.

Should I really use this config line? What does it do? Are the
guides wrong? Here are some guides I've seen:

https://wiki.archlinux.org/index.php/SFTP_chroot
http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/

My config file (just the important and changed parts):

PasswordAuthentication no
Subsystem sftp /usr/lib/openssh/sftp-server
# Subsystem sftp internal-ftp
Match User developer
    ChrootDirectory %h
    ForceCommand internal-sftp
    PasswordAuthentication yes
    AllowTcpForwarding no
    PermitTunnel no
    X11Forwarding no

I'm using Trisquel 7, which should be identical to Ubuntu 14.04.
Thank you!
More information about the openssh-unix-dev
mailing list
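
Added example (not part of the post above and not OpenSSH code): a small Python model of how sshd resolves these settings per user, showing which program ends up serving SFTP for the restricted account and for everyone else. It models only global settings and "Match User" blocks with literal names; the user name "alice" and the function names are constructed for illustration.

```python
# Added example, not OpenSSH code. Simplification: only global settings and
# "Match User name[,name]" blocks with literal (non-wildcard) names are modelled.
SAMPLE = """\
PasswordAuthentication no
Subsystem sftp /usr/lib/openssh/sftp-server
# Subsystem sftp internal-ftp
Match User developer
    ChrootDirectory %h
    ForceCommand internal-sftp
    PasswordAuthentication yes
"""  # settings taken from the post, trimmed

def effective(config, user):
    """Resolve keywords for `user`; for each keyword the first value seen wins."""
    glob, matched = {}, {}
    target = glob                      # lines before the first Match are global
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key, value = fields[0].lower(), fields[1] if len(fields) > 1 else ""
        if key == "match":
            crit = value.split()
            hit = (len(crit) == 2 and crit[0].lower() == "user"
                   and user in crit[1].split(","))
            target = matched if hit else None   # None: block does not apply
            continue
        if key == "subsystem":         # "Subsystem <name> <command>"
            name, value = (value.split(None, 1) + [""])[:2]
            key = "subsystem " + name.lower()
        if target is not None:
            target.setdefault(key, value)
    return {**glob, **matched}         # Match-block values override global ones

def sftp_report(config, user):
    """Summarise who serves SFTP for `user` and whether the account is confined."""
    eff = effective(config, user)
    forced = eff.get("forcecommand", "")
    handler = forced or eff.get("subsystem sftp", "")
    warnings = []
    if (not forced and handler and handler.split()[0] != "internal-sftp"
            and not handler.startswith("/")):
        warnings.append(f"sftp subsystem command {handler!r} is neither "
                        "internal-sftp nor an absolute path")
    return {"sftp_only": forced.split()[:1] == ["internal-sftp"],
            "chroot": eff.get("chrootdirectory"), "handler": handler,
            "password_auth": eff.get("passwordauthentication"),
            "warnings": warnings}

if __name__ == "__main__":
    for u in ("developer", "alice"):   # "alice": constructed non-restricted user
        print(u, sftp_report(SAMPLE, u))
```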