sftp/scp only without real users

Hi,


My goal: sftp/scp-only access, without the need for Linux users.

I want to provide 10 sftp/scp directories to 10 people. Let's call this a "virtual account".

I don't want to create Linux users for each of them.

I would like to create one Linux user (backup_user). In his home directory there will be 10 directories, one directory for each "virtual account".

Every virtual account must only see his own files, not the files from another virtual account.

I would like to use the solution which is provided here: https://serverfault.com/a/88864/90324

In short there will be 10 lines in the authorized_keys file:

~backup_user/.ssh/authorized_keys:

    no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="scp -v -r -d -t ~/CONTENT" ssh-rsa AAAAMYRSAKEY...

I could improve this with a Python script and not use the hard-coded "scp -v ...".

I would like to support scp and sftp.

Is there a way to chroot, to ensure each virtual account can't break out of his jail?

BTW: The idea with authorized_keys and "forced command" is just my current strategy. If there is a better way to reach the overall goal, then please tell me :-)

We are running an OpenSSH server. I would like to stick to it, if possible.


Just for the record, I asked the same question here: https://serverfault.com/questions/871517/ssh-forced-command-sftp-scp-only


Regards,

  Thomas Güttler

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
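
The Python script idea from the message above, as an added example that is not part of the original post and not OpenSSH code: a forced-command wrapper that accepts only remote-mode scp requests from SSH_ORIGINAL_COMMAND and rewrites the path so it stays inside one account directory. The script path, the base directory and the account name "alice" are assumptions; sftp requests are refused by this wrapper, and it is a path check, not a chroot.

```python
import os
import shlex
import sys

BASE = "/home/backup_user"     # assumption: parent of the per-account directories
ALLOWED_FLAGS = set("tfrdvp")  # scp remote-mode flags that take no argument


class Rejected(Exception):
    """The requested command is not permitted for this key."""


def build_argv(account, original_command, base=BASE):
    """Return the argv to exec for this request, or raise Rejected."""
    if not account or account in (".", "..") or "/" in account:
        raise Rejected("bad account name")
    jail = os.path.realpath(os.path.join(base, account))
    try:
        words = shlex.split(original_command or "")  # never handed to a shell
    except ValueError:
        raise Rejected("unparsable command")
    if not words or words[0] != "scp":
        raise Rejected("only scp is allowed")
    args, flags = words[1:], []
    while args and args[0].startswith("-") and args[0] != "--":
        flag = args.pop(0)
        if len(flag) < 2 or not set(flag[1:]) <= ALLOWED_FLAGS:
            raise Rejected("flag not allowed: " + flag)
        flags.append(flag)
    if args[:1] == ["--"]:
        args.pop(0)
    if len(args) != 1:
        raise Rejected("exactly one path expected")
    if sum(f.count("t") + f.count("f") for f in flags) != 1:
        raise Rejected("need exactly one of -t or -f")
    # Client paths are taken relative to the account directory; symlinks and
    # ".." are resolved first, then the result must still be inside it.
    target = os.path.realpath(os.path.join(jail, args[0].lstrip("/")))
    if os.path.commonpath([jail, target]) != jail:
        raise Rejected("path escapes account directory")
    return ["scp"] + flags + ["--", target]


if __name__ == "__main__":
    # Hypothetical wiring: command="/usr/local/bin/scp_only.py alice" in authorized_keys
    try:
        argv = build_argv(sys.argv[1], os.environ.get("SSH_ORIGINAL_COMMAND"))
    except (Rejected, IndexError) as exc:
        sys.exit("rejected: %s" % exc)
    os.execvp(argv[0], argv)
```

Each key line keeps the no-pty and no-*-forwarding options from the message and passes its own account name as the wrapper's single argument.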