Friday, February 20, 2015

Sftp only access

Create group:
sudo addgroup exchangefiles

Create directory structure:
# Create the chroot directory. It must be owned by root and have proper permissions, otherwise the chroot will not work.
sudo mkdir /home/exchangefiles/
sudo chmod 755 /home/exchangefiles/
# Create the group-writable directory
sudo mkdir /home/exchangefiles/files/
sudo chmod g+rwx /home/exchangefiles/files/
sudo chgrp -R exchangefiles /home/exchangefiles/files/

/etc/ssh/sshd_config
# Add the Match directive at the end of this file
Match Group exchangefiles
# Force the connection to use SFTP and chroot to the required directory.
ForceCommand internal-sftp
ChrootDirectory /home/exchangefiles
# Disable tunneling, authentication agent, TCP and X11 forwarding.
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
Users in the exchangefiles group can sftp into the system but cannot ssh, and / will change to /home/exchangefiles.
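
The ownership requirement noted above is the usual reason a chroot login fails: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others. As an added example (not from the original post), this script walks the path up to / and flags any component that breaks that rule. It assumes Linux stat with -c and an absolute path without symlinks; the function names are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory.
# Assumptions: Linux stat(1) with -c, absolute path without symlinks.

# perm_safe MODE -> 0 if the octal MODE has no group/other write bit.
perm_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_dir DIR [UID] -> 0 if DIR is a directory owned by UID (default 0,
# i.e. root) with a safe mode. UID is a parameter only so the check can be
# tried on a scratch directory without privileges.
check_dir() {
    [ -d "$1" ] || return 2
    info=$(stat -c '%u %a' "$1") || return 2
    [ "${info% *}" -eq "${2:-0}" ] && perm_safe "${info#* }"
}

# check_chroot PATH [UID] -> report every component from PATH up to /.
check_chroot() {
    case $1 in
        /*) ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac
    p=$1 rc=0
    while :; do
        if check_dir "$p" "${2:-0}"; then
            echo "ok   $p"
        else
            echo "BAD  $p (owner/mode: $(stat -c '%U %a' "$p" 2>/dev/null))"
            rc=1
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return "$rc"
}

# Usage: sh check_chroot.sh /home/exchangefiles
if [ "$#" -gt 0 ]; then
    check_chroot "$1"
fi
```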

    Thursday, February 19, 2015

    sftp/ssh via http_proxy

    sftp -o "ProxyCommand=/usr/bin/nc -X connect -x proxy_server:port %h %p" -P 22 user@host