Tuesday, April 10, 2018

SSH accounts with SFTP-only access, confined to their home directory

/etc/ssh/sshd_config:


Subsystem sftp internal-sftp
Match Group sftponly
        ChrootDirectory %h
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTcpForwarding no


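Create the account. sshd requires the ChrootDirectory (%h, the user's home) to be owned by root and not writable by group or others, so the user gets a writable subdirectory inside it: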


groupadd sftponly
useradd -g sftponly someone
mkdir /home/someone
chown root:root /home/someone
chmod 755 /home/someone
mkdir /home/someone/someone
chown someone:sftponly /home/someone/someone


Set a password for the account:

passwd someone

Now you can connect using sftp:


me@MacBookPro:~ $ sftp someone@enterprise.com
someone@enterprise.com's password: 

Connected to enterprise.com.
sftp> ls
someone
sftp> cd someone
sftp> ls -l
-rw-r--r--    1 1003     1003           26 Apr 10 20:03 hello.txt
sftp> 


And that's it, enjoy.
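
sshd rejects the session if the ChrootDirectory, or any directory above it, is not owned by root or is writable by group or others. The script below is an added example, not part of the original post, that applies the same test to the chown/chmod steps above. It assumes GNU stat; the names check_dir and check_chroot_path and the optional uid and top-directory arguments (for trying it on a scratch tree without root) are made up here.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (Linux).

# check_dir DIR [UID]: pass only if DIR is a directory owned by UID
# (default 0, root) with no write bit for group or others.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    st=$(stat -c '%u %a' "$dir") || return 1
    uid=${st% *}
    mode=${st#* }
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    # 022 = group-write | other-write; %a prints the mode in octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group/other writable"; return 1
    fi
    echo "ok   $dir ($uid, $mode)"
}

# check_chroot_path DIR [UID] [TOP]: apply check_dir to DIR and every
# parent up to TOP (default /), as sshd does for ChrootDirectory.
# UID and TOP exist only so the check can be tried on a scratch tree.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot resolve"; return 1; }
    want=${2:-0}
    top=${3:-/}
    rc=0
    while :; do
        check_dir "$p" "$want" || rc=1
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Usage on the server, as root:  sh check_chroot.sh /home/someone
if [ $# -gt 0 ]; then check_chroot_path "$@"; fi
```

A FAIL line for /home/someone or any parent points at the directory to fix with chown root:root and chmod 755 before retrying the sftp login.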