sftp/scp only without real users

Thomas Güttler Lists guettliml at thomas-guettler.de
Fri Sep 1 19:11:56 AEST 2017


Hi,


my goal: sftp/scp only access, without the need for linux users.

I want to provide 10 sftp/scp directories to 10 people. Let's call this 
"virtual account"

I don't want to create linux users for each of them.

I would like to create one linux user (backup_user). In his 
home-directory will be 10 directories. For each "virtual account" one 
directory.

Every virtual account must only see his own files, not the files from 
another virtual account.

I would like to use the solution which is provided here: 
https://serverfault.com/a/88864/90324

In short there will be 10 lines in the authorized_keys file:

~backup_user/.ssh/authorized_keys:

    no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command=\
    "scp -v -r -d -t ~/CONTENT" ssh-rsa AAAAMYRSAKEY...

I could improve this by a python script and not use the hard coded "scp 
-v ...".

I would like to support scp and sftp.

Is there a way to chroot, to ensure each virtual account can't break out 
of his jail?

BTW: The idea with authorized_keys and "forced command" is just my 
current strategy. If there is a better way to reach the overall goal, 
then please tell me :-)

We are running an OpenSSH server. I would like to stick to it, if possible.


Just for the record, I asked the same question here: 
https://serverfault.com/questions/871517/ssh-forced-command-sftp-scp-only


Regards,

   Thomas Güttler
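
A sketch of the Python forced-command wrapper idea from the post, added here as an example; it is not part of the original message and not OpenSSH code. Assumptions: the script name `vaccount.py`, the account name `alice`, the `sftp-server` path, and that sshd hands an sftp subsystem request to the forced command via `SSH_ORIGINAL_COMMAND`. It validates the requested command line only; it is not a chroot.

```python
#!/usr/bin/env python3
"""Per key in authorized_keys: command="/usr/local/bin/vaccount.py alice" ssh-rsa ..."""
import os
import shlex
import sys

BASE = "/home/backup_user"                    # home of the shared user from the post
SFTP_SERVER = "/usr/lib/openssh/sftp-server"  # assumed path; differs per distribution
SCP_FLAGS = {"-v", "-r", "-p", "-d", "-t", "-f"}


def confine(jail, path):
    """Rebase a client path under jail. Lexical check only: symlinks are not resolved."""
    target = os.path.normpath(os.path.join(jail, path.lstrip("/")))
    if target != jail and not target.startswith(jail + os.sep):
        raise PermissionError("path escapes account directory: %r" % path)
    return target


def build_argv(account, original_command, base=BASE):
    """Map (virtual account, SSH_ORIGINAL_COMMAND) to the argv to exec, or raise."""
    if not account.isalnum():
        raise PermissionError("bad account name")
    jail = os.path.join(base, account)
    try:
        words = shlex.split(original_command or "")
    except ValueError:
        raise PermissionError("unparsable command") from None
    if not words:
        raise PermissionError("interactive login refused")
    # sftp request: -d only sets the start directory, the client can still leave it.
    if words == ["internal-sftp"] or (len(words) == 1 and words[0].endswith("/sftp-server")):
        return [SFTP_SERVER, "-d", jail]
    if words[0] != "scp":
        raise PermissionError("command not allowed: %r" % words[0])
    flags = [w for w in words[1:] if w.startswith("-") and w != "--"]
    paths = [w for w in words[1:] if not w.startswith("-")]
    modes = [f for f in flags if f in ("-t", "-f")]   # -t = upload sink, -f = download source
    if not set(flags) <= SCP_FLAGS or len(modes) != 1 or len(paths) != 1:
        raise PermissionError("unexpected scp arguments")
    return ["scp", *flags, "--", confine(jail, paths[0])]


if __name__ == "__main__":
    try:
        argv = build_argv(sys.argv[1], os.environ.get("SSH_ORIGINAL_COMMAND"))
    except (PermissionError, IndexError) as exc:
        sys.exit("refused: %s" % exc)
    os.execvp(argv[0], argv)
```

The scp branch pins the target directory on the command line, while the sftp branch shows why the chroot question in the post remains open: the wrapper alone does not limit which paths an sftp session can reach.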



More information about the openssh-unix-dev mailing list