sftp/scp only without real users
Thomas Güttler Lists
guettliml at thomas-guettler.de
Fri Sep 1 19:11:56 AEST 2017
Hi,
my goal: sftp/scp only access, without the need for Linux users.
I want to provide 10 sftp/scp directories to 10 people. Let's call this
"virtual account".
I don't want to create Linux users for each of them.
I would like to create one Linux user (backup_user). In his
home directory will be 10 directories. For each "virtual account" one
directory.
Every virtual account must only see his own files, not the files from
another virtual account.
I would like to use the solution which is provided here:
https://serverfault.com/a/88864/90324
In short there will be 10 lines in the authorized_keys file:
~backup_user/.ssh/authorized_keys:
    no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="scp -v -r -d -t ~/CONTENT" ssh-rsa AAAAMYRSAKEY...
I could improve this with a Python script and not use the hard-coded "scp
-v ...".
I would like to support scp and sftp.
Is there a way to chroot, to ensure each virtual account can't break out
of his jail?
BTW: The idea with authorized_keys and "forced command" is just my
current strategy. If there is a better way to reach the overall goal,
then please tell me :-)
We are running an OpenSSH server. I would like to stick to it, if possible.
Just for the record, I asked the same question here:
https://serverfault.com/questions/871517/ssh-forced-command-sftp-scp-only
Regards,
Thomas Güttler
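A sketch of the forced-command wrapper the message mentions, added here as an example and not code from the post or from OpenSSH: it reads SSH_ORIGINAL_COMMAND, accepts only scp transfers and sftp requests, and replaces any client-supplied path with the account's own directory. Assumptions: the account name is passed as the script's single argument from authorized_keys, the sftp-server path shown (it differs per distribution), the account-name pattern, and that an sftp request reaches the wrapper as a command whose basename is sftp-server or internal-sftp.

```python
#!/usr/bin/env python3
import os
import re
import shlex
import sys

BASE = "/home/backup_user"                    # home of the shared Linux user (from the post)
SFTP_SERVER = "/usr/lib/openssh/sftp-server"  # assumption: path differs per distribution
SCP_FLAGS = {"-r", "-d", "-p", "-v"}          # scp options passed through unchanged
SCP_MODES = {"-t", "-f"}                      # -t receives an upload, -f serves a download


def account_dir(name):
    """Map the account name from authorized_keys to its directory, or None."""
    if not re.fullmatch(r"[a-z0-9_]{1,32}", name):
        return None
    return os.path.join(BASE, name)


def build_argv(original_command, directory):
    """Return the argv to exec for this request, or None to refuse it."""
    try:
        words = shlex.split(original_command or "")
    except ValueError:                        # unbalanced quotes
        return None
    if not words:                             # shell request, no command given
        return None
    if os.path.basename(words[0]) in ("sftp-server", "internal-sftp"):
        # Client-side arguments are dropped; -d sets the start directory only.
        return [SFTP_SERVER, "-d", directory]
    if words[0] == "scp" and len(words) >= 3:
        opts = [w for w in words[1:-1] if w != "--"]
        modes = [w for w in opts if w in SCP_MODES]
        if len(modes) != 1 or not set(opts) <= SCP_FLAGS | SCP_MODES:
            return None
        # The path the client asked for (words[-1]) is discarded on purpose.
        return ["scp", *sorted(set(opts) & SCP_FLAGS), modes[0], directory]
    return None


def main():
    directory = account_dir(sys.argv[1]) if len(sys.argv) == 2 else None
    argv = directory and build_argv(os.environ.get("SSH_ORIGINAL_COMMAND"), directory)
    if not argv:
        sys.exit("request refused")
    os.execvp(argv[0], argv)


if __name__ == "__main__":
    main()
```

Each key's entry would then carry something like `command="/usr/local/bin/sftp_scp_only.py account1"` (hypothetical path and account name) in place of the hard-coded scp command. The wrapper limits which program runs and where it starts; it is not a chroot, and `sftp-server -d` only sets the start directory without confining the session to it.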
More information about the openssh-unix-dev
mailing list