scponly worked but didn't chroot the home folder, the user can still browse the entire server.
Posted
by Mint
on Server Fault
See other posts from Server Fault
or by Mint
Published on 2010-03-02T09:13:01Z
Indexed on
2010/04/23
4:04 UTC
Read the original article
Hit count: 252
So I followed the "Chroot and Debian" tutorial in http://sublimation.org/scponly/wiki/index.php/FAQ
Then when I log into user "upload" via ssh I have no access to the command line (this is what I wanted).
But then when I SFTP into the upload user I can still see all the root files (/), it didn't chroot me to just /home/upload whats going on?
….
I added this to the end of my /etc/ssh/sshd_config file, then done a restart
Subsystem sftp internal-sftp
UsePAM yes
Match User upload
ChrootDirectory /home/upload
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
Then when I log into sftp I can only see my upload folder (this is what I want), but now scp doesn't work :P
SCP will accept my password then:
debug1: Next authentication method: password
[email protected]'s password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_NZ.UTF-8
debug1: Sending command: scp -v -t /test
It will hang on that last debug message.
Any help would be greatly appreciated.
Note, running Debian Lenny
© Server Fault or respective owner