Allow only the use of SFTP

From RVM Wiki
Revision as of 13:37, 9 January 2009 by Gabriele.vivinetto



Step 1: If it doesn't exist yet, create a group for the users you want to have sftp access only:

mark@neuskeutel:~$ sudo groupadd sftponly

Step 2: Add user "peter" to this group:

mark@neuskeutel:~$ sudo adduser peter sftponly

Step 3: Install openssh-server if it's not installed yet.

mark@neuskeutel:~$ sudo apt-get install openssh-server

Step 4: Open the default OpenSSH server configuration for editing:

mark@neuskeutel:~$ sudo nano /etc/ssh/sshd_config

Step 5: Change the default sftp server from:

Subsystem sftp /usr/lib/openssh/sftp-server

to

Subsystem sftp internal-sftp

Step 6: Restrict the members of the sftponly group (created in Step 1) to sftp, with no access to other OpenSSH features such as remote login. Add the following section to the bottom of /etc/ssh/sshd_config:

Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

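Step 7: Give ownership of peter's directory, the one that will be accessible over sftp, to the superuser. sshd refuses to use a ChrootDirectory that is not owned by root or that is writable by group or others:

mark@neuskeutel:~$ sudo chown root:root /home/peter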

Step 8: Change peter's home directory (normally /home/peter) to /, because after the chroot sshd looks up the home directory inside /home/peter:

sudo usermod -d / peter

Step 9: Repeat steps 2, 7 and 8 for any other users that you want to give sftp access.
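
The settings from Steps 5 and 6 only restrict a user if they sit inside the right Match block, so a directive that ends up under a different Match line silently stops applying. The following audit script is an added example, not part of the original wiki page; the function name check_sftponly and the sample file are assumptions made for illustration, and it only handles a Match line of the form "Match group NAME".

```shell
#!/bin/sh
# check_sftponly CONFIG [GROUP]: audit the Subsystem line and the Match block.
# Prints each problem found; returns 0 only when the restrictions are in place.
check_sftponly() {
    awk -v group="${2:-sftponly}" '
    BEGIN {
        want["forcecommand"] = "internal-sftp"
        want["allowtcpforwarding"] = "no"
        want["x11forwarding"] = "no"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    { key = tolower($1) }                      # sshd keywords are case-insensitive
    key == "match" {                           # a new Match line ends the previous block
        in_block = (tolower($2) == "group" && $3 == group)
        if (in_block) found = 1
        next
    }
    key == "subsystem" && $2 == "sftp" { subsys = $3; next }
    in_block && !(key in seen) { seen[key] = $2 }   # first value wins, as in sshd
    END {
        bad = 0
        if (subsys != "internal-sftp") { print "Subsystem sftp is not internal-sftp"; bad = 1 }
        if (!found) { print "no Match group " group " block"; exit 1 }
        if (!("chrootdirectory" in seen)) { print "chrootdirectory is missing"; bad = 1 }
        for (k in want)
            if (seen[k] != want[k]) { print k " should be " want[k]; bad = 1 }
        exit bad
    }' "$1"
}

# Constructed sample: the settings from Steps 5 and 6.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
EOF
check_sftponly "$sample" && echo "sftponly restrictions OK"
rm -f "$sample"
```

On the server itself, sudo sshd -t checks the edited file for syntax errors, and sshd has to be restarted or reloaded before the new Match block takes effect.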
