Chrooted SFTP-only users along with normal SFTP

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi!

I want to set a OpenSSH server which restricts some users to only
chrooted SFTP, while others have full/normal ssh, scp and sftp access.

Most or all guides on the web say that I should enable the config line
"Subsytem sftp internal-sftp" among other things, but I've found out
that this only causes non-restricted users to not be able use SFTP at
all, only the chrooted users.  Without it users can be still be
chrooted and forced to use only SFTP - all seems fine.

Should I really use this config line?  What does it do?  Are the
guides wrong?  Here are some guides I've seen:

https://wiki.archlinux.org/index.php/SFTP_chroot
http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/

My config file (just the important and changed parts):

  PasswordAuthentication no

  Subsystem sftp /usr/lib/openssh/sftp-server
  # Subsystem sftp internal-ftp

  Match User developer
    ChrootDirectory %h
    ForceCommand internal-sftp
    PasswordAuthentication yes
    AllowTcpForwarding no
    PermitTunnel no
    X11Forwarding no

I'm using Trisquel 7, which should be identical to Ubuntu 14.04.

Thank you!
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux