LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-13-2015, 11:47 PM   #1
redhat-keeda
LQ Newbie
 
Registered: Feb 2015
Posts: 4

Rep: Reputation: Disabled
Smile SFTP configuration for single directory per user


Dear Members,

I am trying to configure sftp on my Server (Redhat). But I am facing following issue.

Link used: https://www.linode.com/docs/tools-re...ian-and-ubuntu

These are the parameters added to /etc/ssh/sshd_config file :

Quote:
Match group filetransfer
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Permission home Directories are as follows :

Quote:
ls -ld /home/test1/
drwxr-xr-x 7 root root 4096 May 14 09:49 /home/test1/

ls -l /home/test1/
total 12
drwxr-xr-x 2 root root 4096 May 14 09:49 docs
drwxr-xr-x 2 root root 4096 May 13 11:43 nitish
drwxr-xr-x 2 root root 4096 May 14 09:49 public_html

Debug Command : sftp -vvv test1@Ipaddress

Code:
debug1: Next authentication method: password
test1@IP-address's password:
debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 1421
debug1: Authentication succeeded (password).
debug2: fd 4 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug3: Wrote 128 bytes for a total of 1549
debug3: Wrote -1 bytes for a total of 1549
Write failed: Broken pipe
Couldn't read packet: Connection reset by peer
I need the user can't access/see the other directories other than it's own directory

Waiting for your response.

Thank you

Redhat-Keeda
 
Old 05-14-2015, 07:06 AM   #2
wpeckham
Senior Member
 
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 2,290

Rep: Reputation: 919Reputation: 919Reputation: 919Reputation: 919Reputation: 919Reputation: 919Reputation: 919Reputation: 919
A slight change.

Check into this page http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/ for another discussion. Notice in particular the difference in the way sshd_config is structured.

I think you can get this working with a very minimal edit of the config file and restarting sshd.

Although it is supposed to work that way, internal-sftp is not an executable and you cannot really force-command it properly. OpenSSH is supposed to see it as a keyword and take the proper action, but that does not always happen in the match block as it should. Setting it up so internal-sftp is the default and the other settings are in the match block seems to work in more cases.
 
  


Reply

Tags
sftp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sftp user jail to a different home directory hectortool Red Hat 2 03-07-2015 03:06 AM
Create SFTP only user and allow access to already created directory amitpatil Linux - Server 10 06-05-2013 04:12 AM
Permission Configuration for SFTP User Thoco Linux - Security 1 06-08-2011 10:55 AM
Creating user with SFTP permission to only one directory swapnesh_sharma Linux - General 2 08-27-2009 08:10 AM
how to create sftp user only in red hat 4 not ftp user ..only sftp user princeu28 Linux - Newbie 1 10-14-2008 08:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration