
Resolved SFTP

John Low

New Pleskian
Greetings,

We are trying to allow SFTP access to one of our users.

However, we want to lock the user so that they would not be able to navigate through the whole file system, and would have no SSH login access.

Below is what we did...
  • chown root:root /var/www/vhosts/[domain name]
  • permission set to 755
  • Plesk (12.5.30) => FTP => [domain name] => /sbin/nologin
  • /etc/passwd => [user]:x:10017:503::/var/www/vhosts/[domain name]:/sbin/nologin
  • /etc/ssh/sshd_config...
Subsystem sftp internal-sftp
Match User [user]
ChrootDirectory /var/www/vhosts/[domain name]
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
  • /var/log/secure (no error)
... Accepted password for [domain name] from... ssh2
...subsystem request for sftp

  • FileZilla (error)
00:03:28 Error: Received unexpected end-of-file from SFTP server
00:03:28 Error: Could not connect to server

When set from /sbin/nologin to /bin/bash (chrooted), we are able to connect, but it allows the user to navigate through the whole file system.

Please advise.

TIA

John Low
 
Thank you so much for the link.

We have done that, except we didn't create the group... i.e. we match the user, instead of group...

There's no error in /var/log/secure. However, we can't connect in FileZilla.

Wonder what else we missed, or which other file(s) we should look at for any errors...
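
Added example, not part of the original thread: sshd_config(5) states that sshd checks at session startup that every component of the ChrootDirectory pathname is a root-owned directory not writable by any other user or group. The Python sketch below audits a path against that rule; the function names and the temporary demo directory are assumptions made for illustration.

```python
import os
import stat
import tempfile


def component_problems(st, required_uid=0):
    """Return the rule violations for one path component's stat result."""
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != required_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {required_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"group/other writable (mode {mode:04o})")
    return problems


def audit_chroot(path, required_uid=0):
    """Check path and each parent up to /; return {component: [problems]}."""
    findings = {}
    current = os.path.abspath(path)
    while True:
        try:
            # os.stat follows symlinks, so a link is judged by its target
            issues = component_problems(os.stat(current), required_uid)
        except OSError as exc:
            issues = [f"cannot stat: {exc.strerror}"]
        if issues:
            findings[current] = issues
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent


if __name__ == "__main__":
    # Constructed demo input: a throwaway directory made world-writable.
    # On a real server, pass the ChrootDirectory value from sshd_config.
    with tempfile.TemporaryDirectory() as demo:
        os.chmod(demo, 0o777)
        for component, issues in audit_chroot(demo).items():
            print(component, "->", "; ".join(issues))
```

An empty result means every component passes the ownership and mode check; it does not cover other causes of a failed SFTP session.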
 