restrict file transfer in rsync, scp, sftp?

Bob Proulx bob at
Sun Nov 12 11:08:39 AEDT 2023

I am supporting a site that allows members to upload release files.  I
have inherited this site which was previously existing.  The goal is
to allow members to file transfer to and from their project area for
release distribution but not to allow general shell access and not to
allow access to other parts of the system.

Currently rsync and old scp has been restricted using a restricted
shell configuration.  But of course that does not limit sftp.  And of
course sftp can be chrooted which would work okay for us.  Use the
ForceCommand internal-sftp configuration to put the process in a
chroot.  But then that configuration blocks rsync.

    Match ... other stuff
    Match ALL
        ChrootDirectory /releases
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no

I have not been able to deduce a way to set up sftp-in-a-chroot *only*
when sftp is requested and allow rsync when rsync is requested and
allow rsync to work normally when rsync is requested.

Is there a way to allow rsync, scp and sftp but restrict the user to
only upload and download from specific directories?  Something like if
the user is invoking sftp then chroot sftp but if the user is invoking
rsync then invoke the custom restricted shell.

I hate to have to tell everyone that we can only securely allow one of
either rsync or sftp but not both.  But at this point I think it must
be one or the other and either-or seems not possible.


More information about the openssh-unix-dev mailing list