Quote:
Originally Posted by zaigon
How can I block him? Isn't there any easier way?
Depending on the distro you're running (let's assume Debian for the moment) you can also use this tutorial that makes it pretty simple:
http://tusforyou.com/chrooted-sshsft...-debian-lenny/
I'll summarize here:
1) sudo apt-get install ssh openssh-server
2) sudo vi /etc/ssh/sshd_config
3) Validate this line exists: Subsystem sftp /usr/lib/openssh/sftp-server
4) Add this at the very end for each user (or set up a group and add that)
Code:
Match User username
ChrootDirectory /home
AllowTCPForwarding no
X11Forwarding no
ForceCommand /usr/lib/openssh/sftp-server
5) sudo /etc/init.d/ssh restart
6) chmod 700 /home/username
Now, if you want it to be some other directory, just set that as the user's home directory and modify accordingly. There is also a tutorial on his site for Ubuntu if you're running that.
The key you're looking for is what's called 'chroot' or 'jails', so if you look for 'chroot sftp distro' you'll probably find what you're looking for. Chroot is the term for setting a specific directory as 'root' (or /) for a specific user/group/process. It prevents them from moving any higher up the tree, so if you set up the shared filesystem as /shared/sftp/public and chroot the sftp process to /shared/sftp, they could see everything in public, nothing in /shared, and any files or directories under sftp.
Let me know if this works for you.
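sshd only accepts a ChrootDirectory when every component of its path is a root-owned directory that is not writable by group or others, which matters once the chroot is pointed somewhere other than /home. The check below is an added example, not part of the original post; the ownership table (uids and modes) is constructed, and `chroot_path_problems` and `sample_stat` are hypothetical names.

```python
import os
import stat
from types import SimpleNamespace

# Constructed metadata standing in for a real filesystem: path -> (uid, mode).
# The paths are the ones used in the post; the owners and modes are assumptions.
SAMPLE_FS = {
    "/": (0, 0o040755),
    "/home": (0, 0o040755),
    "/home/username": (1000, 0o040700),  # after "chmod 700 /home/username"
    "/shared": (0, 0o040775),            # group-writable parent
    "/shared/sftp": (0, 0o040755),
}

def sample_stat(path):
    """Offline stand-in for os.stat() backed by SAMPLE_FS."""
    uid, mode = SAMPLE_FS[path]
    return SimpleNamespace(st_uid=uid, st_mode=mode)

def chroot_path_problems(path, stat_fn=os.stat):
    """Return (component, reason) pairs for each component sshd would reject."""
    problems, current = [], os.path.abspath(path)
    while True:
        st = stat_fn(current)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((current, "not a directory"))
        if st.st_uid != 0:
            problems.append((current, "not owned by root"))
        if st.st_mode & 0o022:
            problems.append((current, "writable by group or others"))
        parent = os.path.dirname(current)
        if parent == current:  # reached "/"
            return problems
        current = parent

if __name__ == "__main__":
    for candidate in ("/home", "/home/username", "/shared/sftp"):
        issues = chroot_path_problems(candidate, sample_stat)
        print(candidate, "OK" if not issues else issues)
```

Call `chroot_path_problems(path)` without the second argument to check the live filesystem before restarting ssh.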