
Accès SFTP sans shell

Voir :

Voir également :

Ou pour un accès exclusif en SFTP :

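# Candidate login shell for an SFTP-only account (kept commented out, as on the page;
# replace "username" with the real account before enabling it):
#usermod -s /usr/lib/openssh/sftp-server username

# Register sftp-server in /etc/shells, but only if the exact line is not there yet:
# a plain ">>" would add a duplicate entry every time this is re-run.
grep -qxF -- "/usr/lib/openssh/sftp-server" /etc/shells ||
  echo "/usr/lib/openssh/sftp-server" >> /etc/shells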

Source : http://www.debian-administration.org/article/94/How_to_restrict_users_to_SFTP_only_instead_of_SSH


Comme bash figure dans /etc/shells, c'est ok

/usr/local/bin/sftp.sh

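#! /bin/bash
# Login-shell wrapper for SFTP-only accounts (installed as /usr/local/bin/sftp.sh).
# Arguments passed by sshd are deliberately ignored: whatever the client asks to
# run, the session only ever gets the SFTP server.
# "-l INFO" sets the sftp-server log level to INFO.
# NOTE(review): a restricted login shell does not by itself turn off TCP, agent or
# X11 forwarding; those are controlled in sshd_config (AllowTcpForwarding,
# AllowAgentForwarding, X11Forwarding).
# exec replaces the wrapper so no idle bash process is left behind for each session.
exec /usr/lib/openssh/sftp-server -l INFO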
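# Run as root after creating the wrapper (this is not part of the script itself).
# The file is used as a login shell, so it must not be writable by the restricted
# account: give it to root and set an explicit mode instead of a bare "+x".
chown root:root /usr/local/bin/sftp.sh
chmod 0755 /usr/local/bin/sftp.sh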

Tout est journalisé dans /var/log/auth.log

/etc/passwd

test:x:1003:1003:,,,:/home/test:/usr/local/bin/sftp.sh

Notes MySecureShell

/etc/ssh/sftp_config

<Default>
        # Default section of the MySecureShell configuration (/etc/ssh/sftp_config).
        #Home                   /home/$USER     #override the user's home directory; an environment
                                        #  variable may be used (e.g. Home /home/$USER)
        # Commented-out limits kept for reference (10 / 1 / 2):
        #LimitConnection         10      #max connections for the whole SFTP server
        #LimitConnectionByUser   1       #max connections for one account
        #LimitConnectionByIP     2       #max connections per IP for one account
        # Active limits: the per-account and per-IP values are higher than the
        # commented-out ones above, so more parallel sessions are accepted.
        LimitConnection         10      #max connections for the whole SFTP server
        LimitConnectionByUser   5       #max connections for one account
        LimitConnectionByIP     10       #max connections per IP for one account
 
</Default>

/etc/shells

/usr/bin/mysecureshell
# Restart the MySecureShell service (presumably so the edited /etc/ssh/sftp_config
# is picked up).
/etc/init.d/mysecureshell restart
# Make MySecureShell the login shell of account "sftpuser"; the path is the one
# listed in /etc/shells above.
usermod -s /usr/bin/mysecureshell sftpuser
# sftp-verif

Verifing file rights of /usr/bin/mysecureshell                       [ FAILED ]
Rights problems have been detected 0755 and should be 4755
Do you want to repair /usr/bin/mysecureshell file rights ? (Y/n)

Debug

Voir : /var/log/sftp-server.log

Autres

# Create a dedicated account whose login shell is /sbin/nologin (no interactive shell).
# NOTE(review): the trailing "-" looks like a truncated option; its value is not on
# the page. Complete or remove it before running.
# NOTE(review): the sshd_config excerpt further down matches on group "sftponly";
# nothing shown here adds this account to that group. Confirm.
useradd sftp_download -s /sbin/nologin -
# Set the account password interactively.
passwd sftp_download
# Create the transfer directory. If a directory is used as ChrootDirectory, sshd
# requires it and every parent component to be owned by root and not writable by
# group or others.
# NOTE(review): the sshd_config excerpt below chroots to /upload, not /download.
# Confirm which path is intended.
mkdir /download
# override default of no subsystems
# The external sftp-server binary is commented out in favour of the in-process
# implementation, which needs no shell or helper binaries inside a chroot.
#Subsystem      sftp    /usr/lib/openssh/sftp-server
Subsystem       sftp    internal-sftp

# The settings below apply only to members of group "sftponly".
Match group sftponly
     # sshd requires the chroot path and all of its parent directories to be owned
     # by root and not writable by group or others; otherwise the session is refused.
     ChrootDirectory /upload
     # Forwarding features are switched off so that the account cannot be used as a
     # network relay.
     X11Forwarding no
     AllowTcpForwarding no
     AllowAgentForwarding no
     # Ignore the command requested by the client and always run the built-in SFTP
     # server, starting in /<user name> relative to the chroot (%u expands to the
     # user name).
     ForceCommand internal-sftp -d /%u
	 

# NOTE(review): a Match block runs until the next Match line or the end of the file,
# and indentation does not end it. If the lines below are in the same file after the
# block above, they apply only to group "sftponly"; settings meant to be global
# belong before the first Match line. TODO confirm placement.
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
# Left commented out: password authentication stays at the server's default.
# PasswordAuthentication no