Last active
April 11, 2020 16:29
-
-
Save alexalouit/dc0da72c03321d58ef94ba8a0cde8905 to your computer and use it in GitHub Desktop.
built-in sftp chrooted sftp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user1,user2 no password login | |
| user3 both | |
| classical $home/.ssh usage | |
| $home must be root owned | |
| only $home/subdirs as chrooted-user could be writeable | |
| note: recent openssh server require password (random it) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/etc/group | |
| sftp:x:4099:user1,user2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/etc/passwd | |
| user1:x:4000:4099:user1:/sftp/user1:/bin/false | |
| user2:x:4001:4099:user2:/sftp/user2:/bin/false | |
| user3:$xxxxxxxx/:4002:4099:user3:/sftp/user3:/bin/false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #/etc/ssh/sshd_config | |
| Subsystem sftp internal-sftp | |
| Match Group sftp | |
| ForceCommand internal-sftp | |
| ChrootDirectory %h | |
| AllowTcpForwarding no | |
| PermitTunnel no | |
| X11Forwarding no |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment