sftp configuration | to lock users to their home folder.

 
# 1  
Old 12-04-2011

Generally I use vsftp, but I want to improve our security, so I decided to use sftp instead of vsftp.

We know that ssh, scp and sftp are in the openssh server.

How can I lock only sftp users to their home folder? And how can I prevent some users, like root, from using sftp, as in the vsftp daemon?
# 2  
Old 12-04-2011
1. You should chroot the sftp-only accounts.
Some guides for setting up chroot:
Linux Chroot Howto

2. Block root access with sshd_config:
Open the /etc/ssh/sshd_config file:
Code:
# vi /etc/ssh/sshd_config

Add this line:
Code:
DenyUsers root

This works to completely deny access to any user on the box.
# 3  
Old 12-04-2011
Why doesn't my ssh version support the "Match" parameter?

Code:
# vi /etc/ssh/sshd_config
#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem       sftp    internal-sftp
Match Group sftp_ok
        ForceCommand internal-sftp
        ChrootDirectory /home/%u

Code:
# service sshd restart
Stopping sshd:                                             [FAILED]
Starting sshd: /etc/ssh/sshd_config: line 121: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options
                                                           [FAILED]
#

Code:
# rpm -qa | grep ssh
openssh-askpass-4.3p2-72.el5_6.3
openssh-clients-4.3p2-72.el5_6.3
openssh-4.3p2-72.el5_6.3
openssh-server-4.3p2-72.el5_6.3
#

# 4  
Old 12-06-2011
Which version of openssh supports the Match parameter in the sshd_config file?
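
Added example, not part of the thread: a shell check that compares the keywords used in an sshd_config against the OpenSSH version that is installed, using the configuration and package name from post #3 as constructed sample input. The thresholds are upstream release numbers (Match first shipped in OpenSSH 4.4; ChrootDirectory and internal-sftp in 4.8, portable 4.9); distribution packages can carry backports, so `sshd -t` stays the authoritative test, and the function names here are hypothetical.

```shell
#!/bin/sh
# Added example: flag sshd_config keywords that are newer than the installed OpenSSH.

# First upstream portable release that understands each keyword.
min_version() {
    case "$1" in
        Match)                         echo 4.4 ;;
        ChrootDirectory|internal-sftp) echo 4.9 ;;
    esac
}

# "openssh-server-4.3p2-72.el5_6.3" or "OpenSSH_4.3p2, ..." -> "4.3"
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# version_ge A B: succeeds when major.minor A >= major.minor B
version_ge() {
    a_major=${1%%.*}; a_minor=${1#*.}
    b_major=${2%%.*}; b_minor=${2#*.}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }
}

# unsupported_keywords VERSION FILE: one line per keyword that is used in
# FILE (comment lines ignored) but needs a newer release than VERSION.
unsupported_keywords() {
    for kw in Match ChrootDirectory internal-sftp; do
        if grep -v '^[[:space:]]*#' "$2" | grep -qw -- "$kw"; then
            version_ge "$1" "$(min_version "$kw")" || printf '%s\n' "$kw"
        fi
    done
}

# Constructed sample: the sshd_config fragment quoted in post #3.
write_sample_config() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem       sftp    internal-sftp
Match Group sftp_ok
        ForceCommand internal-sftp
        ChrootDirectory /home/%u
EOF
    echo "$f"
}

cfg=$(write_sample_config)
ver=$(extract_version 'openssh-server-4.3p2-72.el5_6.3')
echo "OpenSSH $ver is too old for: $(unsupported_keywords "$ver" "$cfg" | tr '\n' ' ')"
rm -f "$cfg"
```

On a live host, run `sshd -t -f /etc/ssh/sshd_config` before restarting the service so that a rejected keyword does not leave sshd stopped.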