Set up a chrooted SFTP server with OpenSSH

See: https://michauko.org/blog/sftp-chroot-et-pas-de-ssh-bloquer-un-utilisateur-dans-un-repertoire-1099/

See also:

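# sshd requires the ChrootDirectory to be owned by root and not writable by group or others.
# With mode 750, only root and members of group nsc can enter /chroot.
mkdir -p /chroot/shared/
chown root:nsc /chroot
chmod 750 /chroot
 
# Account with no home directory and no login shell
useradd sftpuser -M -d /dev/null -s /sbin/nologin
# useradd is a low level utility for adding users. On Debian, administrators should usually use adduser(8) instead.
 
# Bind-mount the shared data into the chroot at boot
echo "/mnt/shared/ /chroot/shared/    none _netdev,bind 0 0" >> /etc/fstab

/etc/ssh/sshd_config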
# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem     sftp   internal-sftp

Match User sftpuser
        ChrootDirectory /chroot
        ForceCommand internal-sftp
        AllowTcpForwarding no
        GatewayPorts no
        X11Forwarding no
        PermitTunnel no
        AllowAgentForwarding no
        PermitTTY no

mount /chroot/shared/
systemctl restart sshd
systemctl status sshd
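
Added example (not part of the original page): sshd refuses the session when any component of the ChrootDirectory path is not a root-owned directory or is writable by group or others, so this script applies the same test to /chroot and each of its parents before sshd is restarted. It assumes GNU stat; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat (Linux).
# Function names are illustrative.

# component_ok UID MODE
# MODE is octal as printed by `stat -c %a` (750, 1777, ...). A component passes
# when it is owned by uid 0 and has no write bit for group or others (mask 022).
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks DIR and each parent up to /, printing every component that would be
# rejected. Returns 0 if all pass, 1 if any fails, 2 for a non-absolute path.
check_chroot_path() {
    case $1 in
        /*) ccp_path=$1 ;;
        *)  echo "ChrootDirectory must be an absolute path: $1" >&2; return 2 ;;
    esac
    ccp_rc=0
    while :; do
        if [ ! -d "$ccp_path" ]; then
            echo "FAIL $ccp_path: not a directory" >&2
            ccp_rc=1
        else
            ccp_uid=$(stat -L -c %u "$ccp_path")
            ccp_mode=$(stat -L -c %a "$ccp_path")
            if ! component_ok "$ccp_uid" "$ccp_mode"; then
                echo "FAIL $ccp_path: uid=$ccp_uid mode=$ccp_mode" >&2
                ccp_rc=1
            fi
        fi
        [ "$ccp_path" = "/" ] && break
        ccp_path=$(dirname "$ccp_path")
    done
    return "$ccp_rc"
}

# Typical use before restarting: sh check_chroot.sh /chroot && sshd -t
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```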

Other

The simplest way to allow SSH but refuse SFTP for a user is to create a script that takes care of it. Add

Match User test1
  ForceCommand /path/to/your/script.sh

And your script will basically run whatever the user wants, unless it is a request for SFTP:

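#!/bin/bash
# For a subsystem request, sshd sets SSH_ORIGINAL_COMMAND to the configured
# Subsystem command: the sftp-server path, or "internal-sftp".
if [[ "$SSH_ORIGINAL_COMMAND" =~ (sftp-server|internal-sftp) ]]; then
   echo "SFTP not allowed" >&2
   exit 255
elif [[ -z "$SSH_ORIGINAL_COMMAND" ]]; then
   # No command requested: start the interactive login shell
   exec "${SHELL:-/bin/bash}" -l
else
   # Run the command string through the shell so its arguments are parsed
   exec "${SHELL:-/bin/bash}" -c "$SSH_ORIGINAL_COMMAND"
fi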

FIXME

tech/monter_un_serveur_sftp_chroote_avec_openssh.txt · Last modified: by Jean-Baptiste