Resolved SFTP

John Low · Feb 12, 2017

Greetings,

We are trying to allow SFTP access to one of our users.

However, we want to lock the user so that it would not be able to navigate through the whole file system, and no ssh login access.

Below are what we did...

chown root:root /var/www/vhosts/[domain name]
permission set to 755
Plesk (12.5.30) => FTP => [domain name] => /sbin/nologin
/etc/passwd => [user]:x:10017:503::/var/www/vhosts/[domain name]:/sbin/nologin
/etc/ssh/sshd_config...

Subsystem sftp internal-sftp
Match User [user]
ChrootDirectory /var/www/vhosts/[domain name]

ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no

/var/log/secure (no error)

... Accepted password for [domain name] from... ssh2
...subsystem request for sftp

FileZilla (error)

00:03:28 Error: Received unexpected end-of-file from SFTP server
00:03:28 Error: Could not connect to server

When set from /sbin/nologin to /bin/bash (chrooted), we are able to connect but it allows user to navigate through the whole file system.

Please advise.

TIA

John Low

serverpoint · Feb 14, 2017

Hi,

Hope this article helps:

http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/

Thanks,

John Low · Feb 14, 2017

Thank you so much for the link.

We have done that, except we didn't create the group... i.e. we match the user ,instead of group...

There's no error in /var/log/secure. However, we can't connect in FileZilla.

Wonder what else did we missed, or which other file(s) should we look at for any errors...

Resolved SFTP

John Low

New Pleskian

serverpoint

Basic Pleskian

John Low

New Pleskian

Similar threads