
Resolved SFTP

John Low

New Pleskian
Greetings,

We are trying to allow SFTP access to one of our users.

However, we want to lock the user so that it would not be able to navigate through the whole file system, and no ssh login access.

Below is what we did...
  • chown root:root /var/www/vhosts/[domain name]
  • permission set to 755
  • Plesk (12.5.30) => FTP => [domain name] => /sbin/nologin
  • /etc/passwd => [user]:x:10017:503::/var/www/vhosts/[domain name]:/sbin/nologin
  • /etc/ssh/sshd_config...
Subsystem sftp internal-sftp
Match User [user]
ChrootDirectory /var/www/vhosts/[domain name]
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
  • /var/log/secure (no error)
... Accepted password for [domain name] from... ssh2
...subsystem request for sftp

  • FileZilla (error)
00:03:28 Error: Received unexpected end-of-file from SFTP server
00:03:28 Error: Could not connect to server

When set from /sbin/nologin to /bin/bash (chrooted), we are able to connect but it allows user to navigate through the whole file system.

Please advise.

TIA

John Low
 
Thank you so much for the link.

We have done that, except we didn't create the group... i.e. we match the user, instead of group...

There's no error in /var/log/secure. However, we can't connect in FileZilla.

Wonder what else we missed, or which other file(s) we should look at for any errors...
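
An added example, not part of the thread: sshd requires every component of a ChrootDirectory path, not only the final directory, to be a root-owned directory that is not writable by group or others. This Python check walks the whole path and reports each component that breaks that rule; the function name and the `owner_uid` and `start` parameters are assumptions made so the check can also be tried on a scratch directory without root.

```python
import os
import stat


def check_chroot_path(path, owner_uid=0, start="/"):
    """Return (component, problem) pairs for every directory from `start`
    down to `path` that fails sshd's ChrootDirectory ownership/mode rule."""
    path = os.path.realpath(path)
    start = os.path.realpath(start)
    if os.path.commonpath([path, start]) != start:
        raise ValueError(f"{path} is not below {start}")

    # Collect the target and each parent up to `start`.
    components = []
    cur = path
    while True:
        components.append(cur)
        if cur == start:
            break
        cur = os.path.dirname(cur)

    problems = []
    for comp in reversed(components):  # report top-most component first
        st = os.stat(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
            continue
        if st.st_uid != owner_uid:
            problems.append(
                (comp, f"owned by uid {st.st_uid}, expected {owner_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append((comp, f"group/other writable (mode {mode:o})"))
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python3 check_chroot.py /var/www/vhosts/<domain name>
    for comp, problem in check_chroot_path(sys.argv[1]):
        print(f"{comp}: {problem}")
```

An empty result means the path satisfies the ownership and mode rule; it does not test the rest of the sshd or Plesk configuration.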
 