How can I set up SFTP with chrooted groups?
up vote
1
down vote
favorite
How can I set up a working sftp server for multiple groups with a chrooted directory?
chroot openssh sftp
add a comment |
up vote
1
down vote
favorite
How can I set up a working sftp server for multiple groups with a chrooted directory?
chroot openssh sftp
1
Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
– terdon♦
Jul 26 '16 at 7:33
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
How can I set up a working sftp server for multiple groups with a chrooted directory?
chroot openssh sftp
How can I set up a working sftp server for multiple groups with a chrooted directory?
chroot openssh sftp
chroot openssh sftp
edited Jul 26 '16 at 7:32
terdon♦
63.3k12132209
63.3k12132209
asked Feb 26 '13 at 20:23
SPeedY
1615
1615
1
Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
– terdon♦
Jul 26 '16 at 7:33
add a comment |
1
Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
– terdon♦
Jul 26 '16 at 7:33
1
1
Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
– terdon♦
Jul 26 '16 at 7:33
Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
– terdon♦
Jul 26 '16 at 7:33
add a comment |
2 Answers
2
active
oldest
votes
up vote
0
down vote
This one way would work, However simply create only one group and add as many users in the particular group so that when the user logs in to the SFTP server he will be chroot to that particular directory.
Then take the ownership of folder ( eg, Folder name is A, B, C and so on ) folder A from root to user x and restrict the access for others and and folder B take the ownership from root to user y and in that way we do not junk up the config file..
Either way is right and it all how you do based on the environment we work and the requirement.
add a comment |
up vote
0
down vote
Reposted from the OP's original question by:
I decided to share what finally worked for me. I am a novice 2 months into Ubuntu so please don't shot me yet :) This is nothing new but I had a hard time finding a complete article that explains how can a novice like me could achieve it.
Sudo vi /etc/ssh/sshd_config
and add
Subsystem sftp internal-sftp
Match group Group-A
ChrootDirectory /Group-A
ForceCommand internal-sftp
AllowTcpForwarding no
Match group Broup-B
ChrootDirectory /Group-B
ForceCommand internal-sftp
AllowTcpForwarding no
save and exit and start creating the users and group directories:
sudo useradd Group-A-Users
sudo useradd Group-B-Users
sudo passwd Username
sudo usermod -G Group-A Group-A-Users= All users that belong to this group
sudo usermod -G Group-B Group-B-Users= All users that belong to this group
sudo mkdir /Group-A
sudo mkdir /Group-B
sudo mkdir /Group-A/Upload
sudo mkdir /Group-B/Upload
Now lets set permission to the directories. The main folder must be own by root and no one should have write access to it by any other user or group or it will result in ssh crashing after restart.
sudo chown root /Group-A
sudo chown root /Group-B
sudo chmod go-w /Group-A
sudo chmod go-w /Group-B
sudo chgrp GroupName /Group-A/Upload
sudo chgrp GroupName /Broup-B/Upload
sudo chmod ug+rwX /Group-A/Upload
sudo chmod ug+rwX /Group-B/Upload
This is a guide for dummy's users like me who are new to Ubuntu and want to setup a secure sftp server for work or friends.
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
This one way would work, However simply create only one group and add as many users in the particular group so that when the user logs in to the SFTP server he will be chroot to that particular directory.
Then take the ownership of folder ( eg, Folder name is A, B, C and so on ) folder A from root to user x and restrict the access for others and and folder B take the ownership from root to user y and in that way we do not junk up the config file..
Either way is right and it all how you do based on the environment we work and the requirement.
add a comment |
up vote
0
down vote
This one way would work, However simply create only one group and add as many users in the particular group so that when the user logs in to the SFTP server he will be chroot to that particular directory.
Then take the ownership of folder ( eg, Folder name is A, B, C and so on ) folder A from root to user x and restrict the access for others and and folder B take the ownership from root to user y and in that way we do not junk up the config file..
Either way is right and it all how you do based on the environment we work and the requirement.
add a comment |
up vote
0
down vote
up vote
0
down vote
This one way would work, However simply create only one group and add as many users in the particular group so that when the user logs in to the SFTP server he will be chroot to that particular directory.
Then take the ownership of folder ( eg, Folder name is A, B, C and so on ) folder A from root to user x and restrict the access for others and and folder B take the ownership from root to user y and in that way we do not junk up the config file..
Either way is right and it all how you do based on the environment we work and the requirement.
This one way would work, However simply create only one group and add as many users in the particular group so that when the user logs in to the SFTP server he will be chroot to that particular directory.
Then take the ownership of folder ( eg, Folder name is A, B, C and so on ) folder A from root to user x and restrict the access for others and and folder B take the ownership from root to user y and in that way we do not junk up the config file..
Either way is right and it all how you do based on the environment we work and the requirement.
answered May 7 '14 at 11:48
Ashvin Ashok Kumar
1
1
add a comment |
add a comment |
up vote
0
down vote
Reposted from the OP's original question by:
I decided to share what finally worked for me. I am a novice 2 months into Ubuntu so please don't shot me yet :) This is nothing new but I had a hard time finding a complete article that explains how can a novice like me could achieve it.
Sudo vi /etc/ssh/sshd_config
and add
Subsystem sftp internal-sftp
Match group Group-A
ChrootDirectory /Group-A
ForceCommand internal-sftp
AllowTcpForwarding no
Match group Broup-B
ChrootDirectory /Group-B
ForceCommand internal-sftp
AllowTcpForwarding no
save and exit and start creating the users and group directories:
sudo useradd Group-A-Users
sudo useradd Group-B-Users
sudo passwd Username
sudo usermod -G Group-A Group-A-Users= All users that belong to this group
sudo usermod -G Group-B Group-B-Users= All users that belong to this group
sudo mkdir /Group-A
sudo mkdir /Group-B
sudo mkdir /Group-A/Upload
sudo mkdir /Group-B/Upload
Now lets set permission to the directories. The main folder must be own by root and no one should have write access to it by any other user or group or it will result in ssh crashing after restart.
sudo chown root /Group-A
sudo chown root /Group-B
sudo chmod go-w /Group-A
sudo chmod go-w /Group-B
sudo chgrp GroupName /Group-A/Upload
sudo chgrp GroupName /Broup-B/Upload
sudo chmod ug+rwX /Group-A/Upload
sudo chmod ug+rwX /Group-B/Upload
This is a guide for dummy's users like me who are new to Ubuntu and want to setup a secure sftp server for work or friends.
add a comment |
up vote
0
down vote
Reposted from the OP's original question by:
I decided to share what finally worked for me. I am a novice 2 months into Ubuntu so please don't shot me yet :) This is nothing new but I had a hard time finding a complete article that explains how can a novice like me could achieve it.
Sudo vi /etc/ssh/sshd_config
and add
Subsystem sftp internal-sftp
Match group Group-A
ChrootDirectory /Group-A
ForceCommand internal-sftp
AllowTcpForwarding no
Match group Broup-B
ChrootDirectory /Group-B
ForceCommand internal-sftp
AllowTcpForwarding no
save and exit and start creating the users and group directories:
sudo useradd Group-A-Users
sudo useradd Group-B-Users
sudo passwd Username
sudo usermod -G Group-A Group-A-Users= All users that belong to this group
sudo usermod -G Group-B Group-B-Users= All users that belong to this group
sudo mkdir /Group-A
sudo mkdir /Group-B
sudo mkdir /Group-A/Upload
sudo mkdir /Group-B/Upload
Now lets set permission to the directories. The main folder must be own by root and no one should have write access to it by any other user or group or it will result in ssh crashing after restart.
sudo chown root /Group-A
sudo chown root /Group-B
sudo chmod go-w /Group-A
sudo chmod go-w /Group-B
sudo chgrp GroupName /Group-A/Upload
sudo chgrp GroupName /Broup-B/Upload
sudo chmod ug+rwX /Group-A/Upload
sudo chmod ug+rwX /Group-B/Upload
This is a guide for dummy's users like me who are new to Ubuntu and want to setup a secure sftp server for work or friends.
add a comment |
up vote
0
down vote
up vote
0
down vote
Reposted from the OP's original question by:
I decided to share what finally worked for me. I am a novice 2 months into Ubuntu so please don't shot me yet :) This is nothing new but I had a hard time finding a complete article that explains how can a novice like me could achieve it.
Sudo vi /etc/ssh/sshd_config
and add
Subsystem sftp internal-sftp
Match group Group-A
ChrootDirectory /Group-A
ForceCommand internal-sftp
AllowTcpForwarding no
Match group Broup-B
ChrootDirectory /Group-B
ForceCommand internal-sftp
AllowTcpForwarding no
save and exit and start creating the users and group directories:
sudo useradd Group-A-Users
sudo useradd Group-B-Users
sudo passwd Username
sudo usermod -G Group-A Group-A-Users= All users that belong to this group
sudo usermod -G Group-B Group-B-Users= All users that belong to this group
sudo mkdir /Group-A
sudo mkdir /Group-B
sudo mkdir /Group-A/Upload
sudo mkdir /Group-B/Upload
Now lets set permission to the directories. The main folder must be own by root and no one should have write access to it by any other user or group or it will result in ssh crashing after restart.
sudo chown root /Group-A
sudo chown root /Group-B
sudo chmod go-w /Group-A
sudo chmod go-w /Group-B
sudo chgrp GroupName /Group-A/Upload
sudo chgrp GroupName /Broup-B/Upload
sudo chmod ug+rwX /Group-A/Upload
sudo chmod ug+rwX /Group-B/Upload
This is a guide for dummy's users like me who are new to Ubuntu and want to setup a secure sftp server for work or friends.
Reposted from the OP's original question by:
I decided to share what finally worked for me. I am a novice 2 months into Ubuntu so please don't shot me yet :) This is nothing new but I had a hard time finding a complete article that explains how can a novice like me could achieve it.
Sudo vi /etc/ssh/sshd_config
and add
Subsystem sftp internal-sftp
Match group Group-A
ChrootDirectory /Group-A
ForceCommand internal-sftp
AllowTcpForwarding no
Match group Broup-B
ChrootDirectory /Group-B
ForceCommand internal-sftp
AllowTcpForwarding no
save and exit and start creating the users and group directories:
sudo useradd Group-A-Users
sudo useradd Group-B-Users
sudo passwd Username
sudo usermod -G Group-A Group-A-Users= All users that belong to this group
sudo usermod -G Group-B Group-B-Users= All users that belong to this group
sudo mkdir /Group-A
sudo mkdir /Group-B
sudo mkdir /Group-A/Upload
sudo mkdir /Group-B/Upload
Now lets set permission to the directories. The main folder must be own by root and no one should have write access to it by any other user or group or it will result in ssh crashing after restart.
sudo chown root /Group-A
sudo chown root /Group-B
sudo chmod go-w /Group-A
sudo chmod go-w /Group-B
sudo chgrp GroupName /Group-A/Upload
sudo chgrp GroupName /Broup-B/Upload
sudo chmod ug+rwX /Group-A/Upload
sudo chmod ug+rwX /Group-B/Upload
This is a guide for dummy's users like me who are new to Ubuntu and want to setup a secure sftp server for work or friends.
answered Jul 26 '16 at 7:33
community wiki
terdon
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f261663%2fhow-can-i-set-up-sftp-with-chrooted-groups%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
Please don't post answers in the question body. If you want to post a guide, ask a question and post your guide as an answer.
– terdon♦
Jul 26 '16 at 7:33