LinuxQuestions.org


redhat-keeda 05-13-2015 11:47 PM

SFTP configuration for single directory per user
 
Dear Members,

I am trying to configure sftp on my server (Redhat), but I am facing the following issue.

Link used: https://www.linode.com/docs/tools-re...ian-and-ubuntu

These are the parameters added to /etc/ssh/sshd_config file :

Quote:

Match group filetransfer
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Permissions of the home directories are as follows:

Quote:

ls -ld /home/test1/
drwxr-xr-x 7 root root 4096 May 14 09:49 /home/test1/

ls -l /home/test1/
total 12
drwxr-xr-x 2 root root 4096 May 14 09:49 docs
drwxr-xr-x 2 root root 4096 May 13 11:43 nitish
drwxr-xr-x 2 root root 4096 May 14 09:49 public_html

Debug Command : sftp -vvv test1@Ipaddress

Code:

debug1: Next authentication method: password
test1@IP-address's password:
debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 1421
debug1: Authentication succeeded (password).
debug2: fd 4 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug3: Wrote 128 bytes for a total of 1549
debug3: Wrote -1 bytes for a total of 1549
Write failed: Broken pipe
Couldn't read packet: Connection reset by peer

I need the user to be unable to access/see any directories other than its own directory.

Waiting for your response.

Thank you

Redhat-Keeda

wpeckham 05-14-2015 07:06 AM

A slight change.
 
Check into this page http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/ for another discussion. Notice in particular the difference in the way sshd_config is structured.

I think you can get this working with a very minimal edit of the config file and restarting sshd.

Although it is supposed to work that way, internal-sftp is not an executable and you cannot really force-command it properly. OpenSSH is supposed to see it as a keyword and take the proper action, but that does not always happen in the match block as it should. Setting it up so internal-sftp is the default and the other settings are in the match block seems to work in more cases.
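
An added example, not part of either post above: sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or others, and sshd drops the session right after authentication when that check fails. The script below runs the same check over each component of a path such as the /home/test1 from the question; the function names and the `stat_fn` parameter are assumptions made for this example, and it does not claim to identify the cause of the failure in this thread.

```python
#!/usr/bin/env python3
"""Audit a ChrootDirectory path as sshd_config(5) requires: every component
must be a root-owned directory that is not writable by group or others."""
import os
import posixpath
import stat
import sys


def components(path):
    """'/home/test1' -> ['/', '/home', '/home/test1']"""
    path = posixpath.normpath(path)
    if not path.startswith("/"):
        raise ValueError("ChrootDirectory must be an absolute path")
    out, cur = ["/"], ""
    for part in path.strip("/").split("/"):
        if part:
            cur += "/" + part
            out.append(cur)
    return out


def audit_chroot(path, stat_fn=os.stat):
    """Return a list of (component, problem) tuples; empty means the path passes.
    stat_fn is injectable (an assumption of this example) so it can be tested."""
    problems = []
    for comp in components(path):
        try:
            st = stat_fn(comp)  # follows symlinks, like stat(2)
        except OSError as exc:
            problems.append((comp, "cannot stat: %s" % exc.strerror))
            continue
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append((comp, "group/other writable (mode %o)" % mode))
    return problems


if __name__ == "__main__":
    # Default is the home directory from the question; pass another path as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/home/test1"
    found = audit_chroot(target)
    for comp, why in found:
        print("%s: %s" % (comp, why))
    sys.exit(1 if found else 0)
```

With `ChrootDirectory %h`, the path to audit is the user's home directory as listed in /etc/passwd.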

