Poor documentation for SFTP chroot
Poor documentation for SFTP chroot
Hello I recently bought sftp plugin i want to give each of my users ssh access to work with git svn and other .
after purchasing i just activate the plugin but nothing added to setting like a field or ...
i cant find any documentation related to this sftp
please anyone give me a tut or advice thanks
after purchasing i just activate the plugin but nothing added to setting like a field or ...
i cant find any documentation related to this sftp
please anyone give me a tut or advice thanks
Re: Poor documentation for SFTP chroot
Enabling SFTP is very easy. Open /etc/ssh/sshd_config...
vi /etc/ssh/sshd_config
... and make sure you have the following line in it:
[...]
Subsystem sftp /usr/lib/openssh/sftp-server
[...]
Then add the following stanza at the end of the file (add such a stanza for each user that you want to chroot):
[...]
Match User falko
ChrootDirectory /home
AllowTCPForwarding no
X11Forwarding no
ForceCommand /usr/lib/openssh/sftp-server
Instead of adding a stanza for each user, you can also chroot groups, e.g. as follows:
[...]
Match Group users
ChrootDirectory /home
AllowTCPForwarding no
X11Forwarding no
ForceCommand /usr/lib/openssh/sftp-server
This would chroot all members of the users group to the /home directory.
Restart OpenSSH:
/etc/init.d/ssh restart
If you chroot multiple users to the same directory, but don't want the users to browse the home directories of the other users, you can change the permissions of each home directory as follows:
chmod 700 /home/falko
Afterwards, you can log in with an SFTP client, such as FileZilla or WinSCP.
vi /etc/ssh/sshd_config
... and make sure you have the following line in it:
[...]
Subsystem sftp /usr/lib/openssh/sftp-server
[...]
Then add the following stanza at the end of the file (add such a stanza for each user that you want to chroot):
[...]
Match User falko
ChrootDirectory /home
AllowTCPForwarding no
X11Forwarding no
ForceCommand /usr/lib/openssh/sftp-server
Instead of adding a stanza for each user, you can also chroot groups, e.g. as follows:
[...]
Match Group users
ChrootDirectory /home
AllowTCPForwarding no
X11Forwarding no
ForceCommand /usr/lib/openssh/sftp-server
This would chroot all members of the users group to the /home directory.
Restart OpenSSH:
/etc/init.d/ssh restart
If you chroot multiple users to the same directory, but don't want the users to browse the home directories of the other users, you can change the permissions of each home directory as follows:
chmod 700 /home/falko
Afterwards, you can log in with an SFTP client, such as FileZilla or WinSCP.
Re: Poor documentation for SFTP chroot
before i used jailkit on ispconfig and familiar with ssh jailed user but why i pay for plugin ? i thought this is what user can do it in his control panel in this situation i have to do for every user , how can i add custom command for example git or ...
i think this have to done automatically when user created
please some one clarify me
thanks
i think this have to done automatically when user created
please some one clarify me
thanks
-
- Collaborator
- Posts: 783
- Joined: Mon May 11, 2015 8:43 am
- Contact:
- Os: CentOS 6x
- Web: apache + nginx
Re: Poor documentation for SFTP chroot
I think everything is done when you activate the plugin. You can check the code: https://github.com/serghey-rodin/vesta/ ... -sftp-jailArash wrote:before i used jailkit on ispconfig and familiar with ssh jailed user but why i pay for plugin ? i thought this is what user can do it in his control panel in this situation i have to do for every user , how can i add custom command for example git or ...
i think this have to done automatically when user created
please some one clarify me
thanks
Re: Poor documentation for SFTP chroot
I'm upping this topic because I also need more documentation about this premium plugin.
I just bought it and after activating the license, I don't know what to do...
Should I create by hand a /home/user1/.ssh/authorized_keys file, with my user1 ssh public key ?
A little bit of documentation should be usefull !!!!
I just bought it and after activating the license, I don't know what to do...
Should I create by hand a /home/user1/.ssh/authorized_keys file, with my user1 ssh public key ?
A little bit of documentation should be usefull !!!!
-
- Posts: 1
- Joined: Mon Sep 11, 2017 11:22 am
Re: Poor documentation for SFTP chroot
Any updates?
Re: Poor documentation for SFTP chroot
Do you have to purchase a license for EVERY server? I bought a license for my servers, and while it works on the server you put it on, for some reason it seems to disable that license number when you try and use it on another server? Would be nice if it'd told me thats what happens! (I've tried emailing to clarify, but haven't have any response in over a 2 months!)
Does anyone else know the situation?
Thanks
Andy
Does anyone else know the situation?
Thanks
Andy
Re: Poor documentation for SFTP chroot
there seems to be no continuation of documentation and how to use this plugin
Re: Poor documentation for SFTP chroot
What I have since found out:
1) You need 1 licensee per server. Using the same license on another server will disable it on the original
2) There is no configuration as such - it just "works"
3) I'm not sure what you have to do with existing accounts that existed before it - ie are they in the correct jail for the user or not
Hopefully that helps a bit :)
Cheers
Andy