I have a home server that I ssh into when needed. If I need graphics I start vnc and tunnel it over ssh. So I'm good. Anyway, some relatives have asked very kindly if I can put some certain family pictures on the net for them to download.
I don't want to do regular ftp, so I've been trying ftps (with vsftpd) but it gives me firewall grudges.
So, I started to think about making a directory shared over ssh using only password login (no keys), something they could reach via WinSCP for instance.
What I want to accomplish is an SSH config that doesn't change my current ability to log in to MY account (I'm using only keys), but grants user "relative" access to one directory, NO shell access (chrooted?), and preferably forces the connection to be sftp rather than scp. phuh.
Thanks for the very informative link. This partly solved it for me.
By adding "PasswordAuthentication yes" to the config I can now log in as myself using keys only, and users in group sftponly can log in to their chrooted home directory with their password. No extras needed (rssh, libs, etc.).
What remains is to force the connection to be sftp rather than scp, and make sure they can access files with a client, but no shell.
I tried setting the shell to /bin/false but then I got access denied. I guess ssh needs shell access to do sftp... so I'm stuck there. But it's going forth.
In case someone is in the same pit, here's the end of /etc/ssh/sshd_config (this is a Gentoo system):
# override default of no subsystems
Subsystem sftp internal-sftp

Match group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    AllowTCPForwarding no
    X11Forwarding no
    PubkeyAuthentication no
    PasswordAuthentication yes
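An added example, not part of any post in this thread: a Python check that parses the Match block posted above, confirms the sftp-only settings are present, and applies the rule sshd enforces on ChrootDirectory (every path component root-owned and not writable by group or others). The function names are hypothetical and the sample text is constructed from the posted config.

```python
import os
import stat

# Constructed sample: the Match block from the post above (auth lines omitted).
SAMPLE = """Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory /home/%u
ForceCommand internal-sftp
AllowTCPForwarding no
X11Forwarding no
"""

# Values the sftp-only block should carry (sshd keywords are case-insensitive).
REQUIRED = {"forcecommand": "internal-sftp", "allowtcpforwarding": "no",
            "x11forwarding": "no"}

def match_block(text, criteria):
    """Collect keyword -> value for the Match block with the given criteria."""
    found, inside = {}, False
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":
            inside = value.lower().split() == criteria.lower().split()
        elif inside:
            found.setdefault(key.lower(), value)  # sshd uses the first value
    return found

def audit_block(block):
    """Return findings for an sftp-only Match block; an empty list means none."""
    issues = [f"{k} should be {v!r}, found {block.get(k)!r}"
              for k, v in REQUIRED.items() if block.get(k, "").lower() != v]
    if "chrootdirectory" not in block:
        issues.append("chrootdirectory is not set")
    return issues

def chroot_path_problems(path, stat_fn=os.stat):
    """List components sshd would reject: not root-owned, or group/other-writable."""
    bad, current = [], os.path.abspath(path)
    while True:
        st = stat_fn(current)
        if st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            bad.append(current)
        if current == "/":
            return bad
        current = os.path.dirname(current)

if __name__ == "__main__":
    print(audit_block(match_block(SAMPLE, "group sftponly")), chroot_path_problems("/"))
```

On the server, point `chroot_path_problems` at the expanded chroot path for the account (for the user in the first post, `/home/relative`).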
Hi friend,
On the SFTP Server page of the SSH Configuration utility you can configure the settings for secure file transfer protocol (SFTP). You can restrict regular users to have access only to specified directories, define their home directory and specify the events that are collected in the event log. With the Accessible directories feature you can define virtual directories for the users, and restrict them to have access only to those directories.
EDIT: The thing in your signature, maybe? Not good advertising, speaking about it that way... now I know I can NEVER let myself try that program (should I for some reason feel the need).
If no, please disregard the above.
Last edited by crispyleif; 12-17-2008 at 09:49 AM.
I've used rssh in the past to do exactly what you are talking about. It allows sftp logins but no shell account. Use it in combination with a Chroot jail and it makes a pretty good sftp solution.