LinuxQuestions.org


cyberdome 08-20-2014 03:08 PM

how to restrict SSH - WinSCP access for Users only to a specific directory???
 
I have an Ubuntu Linux server. I have SSH access enabled on the server. When I log into the server using WinSCP, the user can browse the / and sub-directories below the / directory. User cannot access the actual ROOT directory.

I have run the command chmod a+x home, but this only stops users from accessing each other's directories. With each logging into WinSCP, they are able to browse the top level root directories.

My question is: can I set up a restriction so that when they click on the ROOT in the top level directory tree, they get an error that they cannot access the directory (a permission denied error)?

Anyone know how I can accomplish this? Because right now users cannot access each other's directory in the home directory.

For example, under the home directory, I have two user folders, one for user A and another for user B. Users A and B cannot access each other's directories. But they both can access the top level root and other directories such as etc, bin, boot, var. Not sure if this is possible. But I think I might cause permission issues with programs or services. Just wondering how it is done in the real world???

Any help is greatly appreciated.

cliffordw 08-21-2014 12:24 AM

Hi,

Do your users need SSH access, or just WinSCP access?

If they don't need to log in (SSH), you might be able to achieve your goal by giving them SFTP access only. This is done in sshd_config, by using the Match, ChrootDirectory and ForceCommand options, for example:

Code:

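# Apply the settings below only to logins by userA
Match user userA
        # Confine the session to this directory tree
        ChrootDirectory /home/userA
        X11Forwarding no
        AllowTcpForwarding no
        AllowAgentForwarding no
        # Run the in-process SFTP server instead of a shell or any requested command
        ForceCommand internal-sftp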

Note that this means they have to use the SFTP protocol, and not SCP. I believe WinSCP can do this, but don't have first-hand experience to confirm that.

I hope this helps.

Regards,

Clifford
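
Added example, not part of the thread: sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or others, so sshd refuses the session if the jail is a home directory still owned by the user. The shell function below checks a path against that rule before sshd is reloaded. The function name and its OWNER_UID and STOP arguments are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Checks the ChrootDirectory rule from
# sshd_config(5): every path component must be a directory owned by root
# and not writable by group or others. Assumes GNU stat (as on Ubuntu).
#
# usage: check_chroot_path DIR [OWNER_UID] [STOP]
#   OWNER_UID  required owner uid, default 0 (root)
#   STOP       ancestor where the walk ends, default /
# OWNER_UID and STOP are hypothetical extras for trying it on a scratch tree.
# Typical call: check_chroot_path /home/userA
check_chroot_path() {
    dir=$1; want_uid=${2:-0}; stop=${3:-/}
    case $dir in
        /*) ;;
        *) echo "FAIL $dir: path must be absolute" >&2; return 2 ;;
    esac
    rc=0
    p=$dir
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p: not a directory" >&2
            rc=1
        else
            # -L follows symlinks, matching a plain stat() of the component
            uid=$(stat -L -c '%u' "$p")
            mode=$(stat -L -c '%a' "$p")
            if [ "$uid" != "$want_uid" ]; then
                echo "FAIL $p: owner uid $uid, need $want_uid" >&2
                rc=1
            fi
            # 022 = write bits for group and others
            if [ $(( 0$mode & 022 )) -ne 0 ]; then
                echo "FAIL $p: mode $mode is group/other writable" >&2
                rc=1
            fi
        fi
        # Stop once the top of the walk has been checked
        if [ "$p" = "$stop" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return $rc
}
```

The function returns 0 only when every component passes, and prints one FAIL line per offending directory to stderr.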

