I am trying to set up an sftp server and I am having issues getting it to work exactly as I like.
My server has two hard drives, the first is used for the OS, and it contains all of the users' home directories. My second drive contains all of the data that I would like to be able to share with specific users.
I want to prevent users (except for myself) from being able to ssh into the server, and I would like all users to be able to use sftp to transfer data to and from my "data" drive.
Limiting ssh access was easy. I created the group "ssh_users", added my account to it, and added AllowGroups ssh_users to the sshd_config file.
Getting the sftp to work as I want it to has been a struggle. I thought chrooting users to the data drive would work, but maybe I don't have permissions set up correctly?
What can I do to get this working? Thanks
Best Answer
I wrote an article about that some time ago: http://en.positon.org/post/SFTP-chroot-rsync
I think what you need in /etc/ssh/sshd_config is:
You can change the ChrootDirectory to suit your needs; however, the chroot directory has to be owned by root and not writeable by the users. This is a security restriction from the OpenSSH developers.
Also, carefully check /var/log/auth.log for SSH connection problems.
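
An added example, not part of the original answer: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, so this script walks a path up to / and reports each component that breaks the rule. It assumes GNU stat (Linux), and /data is a hypothetical mount point for the data drive.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a ChrootDirectory path.
# Assumes GNU stat (Linux). Run as: sh check_chroot.sh /data
# where /data is a hypothetical mount point for the data drive.

# component_ok UID MODE
# Succeeds only if the owner is root (uid 0) and neither group nor others
# can write. MODE is the octal string printed by `stat -c %a`, e.g. 755.
component_ok() {
    [ "$1" -eq 0 ] 2>/dev/null || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks from DIR up to /, because sshd checks every component of the path.
# Prints each offending component; returns 0 if clean, 1 if not, 2 on bad input.
check_chroot_path() {
    case $1 in
        /*) dir=$1 ;;
        *)  echo "ChrootDirectory must be an absolute path: $1" >&2; return 2 ;;
    esac
    bad=0
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"
            bad=1
        else
            # -L follows symlinks, matching the stat() call sshd makes
            info=$(stat -L -c '%u %a' -- "$dir")
            uid=${info%% *}
            mode=${info##* }
            if ! component_ok "$uid" "$mode"; then
                echo "FAIL $dir: owner uid=$uid mode=$mode"
                bad=1
            fi
        fi
        [ "$dir" = / ] && break
        dir=$(dirname -- "$dir")
    done
    return "$bad"
}

# Only run the audit when a path is given on the command line.
[ $# -eq 0 ] || check_chroot_path "$1"
```

Because the chroot directory itself cannot be user-writable, any upload area has to be a subdirectory inside it with its own ownership and mode.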