internal-sftp + chroot [was: Parallel transfers]
Nico Kadel-Garcia
nkadel at gmail.com
Sat Apr 11 14:05:57 AEST 2020
On Fri, Apr 10, 2020 at 8:27 PM Peter Stuge <peter at stuge.se> wrote:
>
> Nico Kadel-Garcia wrote:
> > in places where I do not want OpenSSH server's tendency ro let
> > people with access look around the rest of the filesystem.
>
> If you want users to be able to use *only* SFTP then set a ChrootDirectory
> and ForceCommand internal-sftp in a Match for the user in sshd_config.
Because I can achieve it with manual tuning does not make it the best approach.
* It puts OpenSSH at risk of accidental misconfiguration disabling he
daemon from starting. Been there, done that.
* Editing sshd_config manually puts updates at risk of failure. If an
update overwrites this file, the restricted sftp access is suddenly
generalized with whatever access you provided before with full shell
access *unless* you go to variety of extra steps that require extra
work to manage, such as running distinct sshd with a distinct
sshd_config and only exposing that, or putting authorized_keys
somewhere effective, or disabling shells, etd. Been there, done that.
* It creaes a set of maintenance issues, such as whether my admin
account gets shell access, or distinct sftp access so I can test this
service.
Segregating browseable upload and download access is easier qne less
likely to interfere with critical admin access if it's entirely
distinct from OpenSSH. Fatal configuration mistakes are too easy. Been
there, done that.
More information about the openssh-unix-dev
mailing list