SFTP
Hello!
I've been experimenting with VestaCP for a few days now and I absolutely adore it!
However, I'm experiencing one small issue: I'd like my users to use SFTP.
So I grant them the rssh option so they're able to log in with SFTP.
It works, BUT I want them to be restricted to their home directory (like "/home/$USER/web/"), because as of right now they can go out of their home directory and see everything on the system, and that's not something I appreciate...
This is my current vsFTPd config:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=002
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
force_dot_files=YES
ascii_upload_enable=YES
ascii_download_enable=YES
#allow_writable_chroot=YES
allow_writeable_chroot=YES
seccomp_sandbox=NO
pasv_enable=YES
pasv_max_port=12100
pasv_min_port=12000
user_sub_token=$USER
local_root=/home/$USER/web/
I've also tried to add the text below to the /etc/ssh/ssh_config without success.
Match Group sftp-only
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
Kind regards,
Ocrion.
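Added example, not part of the original post: `ChrootDirectory` is an sshd_config(5) directive, and sshd refuses the chroot unless every component of the path is a root-owned directory that is not writable by group or others. This script checks a candidate directory against that rule; the function names are hypothetical, the sample path is constructed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes GNU coreutils stat (-c '%u %a' prints owner uid and octal mode).

# True when a directory with owner uid $1 and octal mode $2 is acceptable
# to sshd as a chroot path component: owned by root, no group/other write bit.
component_ok() {
    [ "$1" -eq 0 ] 2>/dev/null && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from the given directory up to /, reporting every component that
# breaks the rule. Returns 0 only if the whole path passes.
check_chroot() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL: $1 is not an accessible directory"
        return 1
    }
    rc=0
    while :; do
        # Unreadable component: treat it as failing rather than guessing.
        meta=$(stat -c '%u %a' "$dir" 2>/dev/null) || meta="-1 777"
        uid=${meta% *}
        mode=${meta#* }
        if component_ok "$uid" "$mode"; then
            echo "ok:   $dir (uid=$uid mode=$mode)"
        else
            echo "FAIL: $dir (uid=$uid mode=$mode)"
            rc=1
        fi
        if [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/alice   (constructed sample path)
if [ "$#" -gt 0 ]; then
    check_chroot "$1"
fi
```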