• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved SFTP

J

John Low

New Pleskian
Greetings,

We are trying to allow SFTP access to one of our users.

However, we want to lock the user so that it would not be able to navigate through the whole file system, and no ssh login access.

Below are what we did...
  • chown root:root /var/www/vhosts/[domain name]
  • permission set to 755
  • Plesk (12.5.30) => FTP => [domain name] => /sbin/nologin
  • /etc/passwd => [user]:x:10017:503::/var/www/vhosts/[domain name]:/sbin/nologin
  • /etc/ssh/sshd_config...
Subsystem sftp internal-sftp
Match User [user]
ChrootDirectory /var/www/vhosts/[domain name]
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no​
  • /var/log/secure (no error)
... Accepted password for [domain name] from... ssh2
...subsystem request for sftp​

  • FileZilla (error)
00:03:28 Error: Received unexpected end-of-file from SFTP server
00:03:28 Error: Could not connect to server​

When set from /sbin/nologin to /bin/bash (chrooted), we are able to connect but it allows user to navigate through the whole file system.

Please advise.

TIA

John Low
 
Thank you so much for the link.

We have done that, except we didn't create the group... i.e. we match the user ,instead of group...

There's no error in /var/log/secure. However, we can't connect in FileZilla.

Wonder what else did we missed, or which other file(s) should we look at for any errors...
 
You must log in or register to reply here.

Similar threads

M
Question Log chroot SFTP file transfers
Replies
1
Views
618
mserra_manxa
M
P
Question Best way to add sftp user to be jailed within an existing host
Replies
1
Views
293
Kaspar@Plesk
Kaspar@Plesk
UHF
Resolved SFTP Connection Issue
Replies
2
Views
3K
UHF
UHF
P
Issue Restoring backup on a new server fails always
Replies
2
Views
509
Kaspar@Plesk
Kaspar@Plesk
Daveo
Issue Enabling of HTTP/2 whilst LiteSpeed was in use has broken things
Replies
11
Views
1K
WebHostingAce
WebHostingAce
Back
Top