OpenSSH anything like 'internal-sftp' but for SCP?

view story

http://serverfault.com – I'm running Debian stable and I'm looking to establish the following environment for users in my 'sftponly' group: jailed can transfer with SFTP can transfer with SCP cannot login interactively with SSH From my experimentation and research, it seems that the following stanza in sshd_config gets me 90% there: Match group sftponly ChrootDirectory /sftp/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp This gives me jailed SFTP and no SSH, which is good. But it also disables SCP, which is less than ideal because quite a few clients are legacy, scripted processes that use (HowTos)

Submitted by xskl on 08/23/2012

Login or register to post comments
Email this page

Stories similar to OpenSSH anything like 'internal-sftp' but for SCP?

sftponly with symlink 18 weeks 2 days ago

I did the sftponly trick with sshd. Is there an option to make it following symlinks with to other directories that do not belong to the user?

Match Group sftponly

ChrootDirectory /var/sftp/

X11Forwarding no

AllowAgentForwarding no

AllowTcpForwarding no

ForceCommand internal-sftp

my version of ssh doesn't support 'Match' and 'ForceCommand'? 2 years 44 weeks ago

Hello, I am trying to implement a chroot directory for a group of sftp users who all manage a shared directory. The relevant portion of my sshd_config file is below:

Subsystem sftp internal-sftp

Match Group mygroup ChrootDirectory /foo/bar X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp

User can't SFTP after chroot 33 weeks 5 days ago

Ubuntu 10.04.4 LTS

I'm trying to chroot the user 'sam'.

Is there no way to preserve permissions on sftp? 50 weeks 4 days ago

Debian 6

I've setup /etc/ssh/sshd_config as such:

Subsystem sftp internal-sftp -u 0002

Match Group sftp ChrootDirectory %h ForceCommand internal-sftp -u 0002 AllowTcpForwarding no Match

I get the users home to /var/www and chown the owner to root:root.

All good. The user can access via sftp and alter subdirectories.

File/Directory permissions for SFTP user 40 weeks 1 day ago

After using the SSH quite a lot on my 1.5 week old Debian 6 VPS, I wanted to start uploading files through SFTP. I already tried that earlier, but with the root account, which isn't possible with SSH anymore due to security changes.

So I've made a separate user, let's call him sftpuser for now, who belongs to the group sftp.

chrooted SSH & SFTP user 42 weeks 8 hours ago

Hello there!Going through https://wiki.archlinux.org/index.php/SFTP-chroot and addding a new group with removed ForceCommand parameter from sshd_config still doesn't let me to log in to ssh.

[ubuntu] sftp and chroot connection problems 45 weeks 8 hours ago

Hi everybody

I have a ubuntu 10.04.4 server running.

[ubuntu] SFTP with OpenSSH chroot issue 1 year 18 weeks ago

Hey Guys,

I've set up a SFTP server using OpenSSH. After following a guide online, I set up a group called sftponly and added a user to this group. I used the Match group switch in the sshd_config file to match the group so that user's in that group could only connect for SFTP sessions. I set up the chroot to point to "/home/%u".

My sftp jailed user cant see directories down the ChrootDirectory 9 weeks 2 days ago

I am triying to jail user.

I have got these directories:

var/www (root:www-data, 755) var/www/web1 (webmaster:www-data, 755) var/www/web2 (webmaster:www-data, 755)

On my ssh_config I have got:

Subsystem sftp internal-sftp

Match User webmaster ChrootDirectory /var/www ForceCommand internal-sftp

The user can enter in the system with the credentials.

OpenSSH anything like 'internal-sftp' but for SCP?

Search

Best published stories

Beautiful linux wallpapers

Tags