Hi! I want to set a OpenSSH server which restricts some users to only chrooted SFTP, while others have full/normal ssh, scp and sftp access. Most or all guides on the web say that I should enable the config line "Subsytem sftp internal-sftp" among other things, but I've found out that this only causes non-restricted users to not be able use SFTP at all, only the chrooted users. Without it users can be still be chrooted and forced to use only SFTP - all seems fine. Should I really use this config line? What does it do? Are the guides wrong? Here are some guides I've seen: https://wiki.archlinux.org/index.php/SFTP_chroot http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/ My config file (just the important and changed parts): PasswordAuthentication no Subsystem sftp /usr/lib/openssh/sftp-server # Subsystem sftp internal-ftp Match User developer ChrootDirectory %h ForceCommand internal-sftp PasswordAuthentication yes AllowTcpForwarding no PermitTunnel no X11Forwarding no I'm using Trisquel 7, which should be identical to Ubuntu 14.04. Thank you! _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
