|
Hello
I'm so sorry to cite from a website but when I tried to send the link of the site I got a bounce error from lists.debian... so here is the site: This came up today where I needed to give secure file transfer to customers. To complicate things I had to use an out-of-the-box RHEL6 system. The obvious answer was to use SSH and limit those users to SFTP only. Locking them into a chroot was not a requirement, but it seemed like a good idea to me. I found plenty of docs that got 80% of the way, or took a shortcut, but this should be complete. The basic steps are:
Without further ado, lets get started. It should only take about 10 minutes, nothing here is especially complex. Create a group that is limited to SFTP only and a user to be in that group.
Now you need to make a little change to
Now you need to create a block at the end to limit members of a group (ie the sftponly group you created above) and chroot them. Simply add the following to the end of the file:
These changes will require a reload of the SSH daemon: Now you need to make some file permission changes. For some reason which I cannot work out for now, the home directory must be owned by root and have the permissions 755. So we will also need to make a folder in the home directory to upload to and make that owned by the user.
The last thing we need to do is tell SELinux that we want to upload files via SFTP to a chroot as it is read-only by default. Of course you are running SELinux in enforcing mode aren’t you :)
Now from another console you can sftp to your server
You should then be able to put a file in your upload folder. However if you try to ssh to the server as the user sftptest it should tell you to go away. Of course you should be able to ssh as your normal user with no problem. Pro tip: make sure to leave a root terminal open just in case. I'm sure it can be used on Debian as well.Balint On 04/01/14 15:30, emmanuel segura wrote:
|