So iam setting up an autotunnel that is being used on some software iam deploying to a client.
I need to restrict the user to that 1 folder but let them do what ever they want in that 1 folder.
When the user is logged onto my server it will be dropping logs and other data into that folder with a cronjob.
But i do not what to take any risk with my server and need to make sure they are jailed into that 1 folder.
When the tunnel is setup this allows me to go ahead and ssh backwards to there system and helps me bypass any firewalls.
Pretty much i need a chroot jail for a new user iam making on the server.
So when they tunnel / login to my server they are restricted to that 1 folder.
This will allow me to rsync entire directors and logs to that folder but keep my server safe.
iam stuck on the chroot jail... and i know there has to be an easy way to do this.
[request] Create user with restricted access to 1 directory.
Message
- finalturismo
- Guru
- Posts: 410
- Joined: Mon Jan 06, 2020 4:53 pm
Hi,
use something like sftp chroot:
in sshd_config append:
Then create the group and add your specific user to this group.
use something like sftp chroot:
in sshd_config append:
Code: Select all
Subsystem sftp internal-sftp
#
Match Group sftp_users
ChrootDirectory <dir>
ForceCommand internal-sftp
- finalturismo
- Guru
- Posts: 410
- Joined: Mon Jan 06, 2020 4:53 pm
Thanks man, great info!!alamahant wrote:Hi,
use something like sftp chroot:
in sshd_config append:Then create the group and add your specific user to this group.Code: Select all
Subsystem sftp internal-sftp # Match Group sftp_users ChrootDirectory <dir> ForceCommand internal-sftp
I will mark the thread as solved.
1 thing i have noticed about this forum is that when you ask a question you almost always get a good answer, unlike some of the people on the linuxquestions forums. XD
So far i went with a restricted tunnel using /bin/false as the shell but i think i might take this route instead iam not sure yet.