OpenSSH : SFTP only + Chroot

Configure SFTP only + Chroot.

Some users who are applied this setting can access only with SFTP and also applied chroot directory.

[1]. For example, Set [/home] as the Chroot directory.

# create a group for SFTP only

[root@dlp ~]# groupadd sftp_users

[root@dlp ~]# vi /etc/ssh/sshd_config

# line 142: comment out and add a line

#Subsystem      sftp    /usr/libexec/openssh/sftp-server

Subsystem       sftp    internal-sftp

# add to the end

Match Group sftp_users

  X11Forwarding no

  AllowTcpForwarding no

  ChrootDirectory /home

  ForceCommand internal-sftp

[root@dlp ~]# systemctl restart sshd

# for example, set [cent] user as SFTP only user

[root@dlp ~]# usermod -G sftp_users cent

[2]. Verify working with a user set SFTP only setting.

[cent@node01 ~]$ ssh dlp.srv.world

cent@dlp.srv.world's password:

This service allows sftp connections only.

Connection to dlp.srv.world closed.   # denied normally

[cent@node01 ~]$ sftp dlp.srv.world

cent@dlp.srv.world's password:

Connected to dlp.srv.world. sftp> ls -l

drwx------    3 cent     cent           95 Sep 29 11:34 cent

sftp> pwd

Remote working directory: /

sftp> exit

Comments

Post a Comment

Popular posts from this blog

Java : Variables Declaring

[1]. Java Variables Variables are containers for storing data values. In Java, there are different types of variables, for example: String - stores text, such as "Hello". String values are surrounded by double quotes int - stores integers (whole numbers), without decimals, such as 123 or -123 float - stores floating point numbers, with decimals, such as 19.99 or -19.99 char - stores single characters, such as 'a' or 'B'. Char values are surrounded by single quotes boolean - stores values with two states: true or false [2]. Declaring (Creating) Variables To create a variable, you must specify the type and assign it a value: Syntax type variable = value ; Where type is one of Java's types (such as int or String), and variable is the name of the variable (such as x or name). The equal sign is used to assign values to the variable. To create a variable that should store text, look at the following example: Example Create a variable called  name  of type  Stri...
Read more

Install DNF in RHEL/CentOS 7

  Install DNF in RHEL/CentOS 7 DNF stands for Dandified yum. DNF is a software package manager for RPM-based Linux distributions such as Fedora, RHEL and CentOS. It is the next upcoming major version of Yum. DNF is first introduced in Fedora and has replaced to become the default package manager of the Fedora distributions. DNF is same as Yum that installs, updates and removes packages on RPM bas4ed Linux systems. DNF is introduced for improving the bottlenecks of Yum such as performance, Memory usages, Dependency resolution, speed, and some other factors. The latest stable release of DNF is 1.0 and it is written in Python.   Installation of DNF in RHEL/CentOS 7 1) To install DNF on RHEL/CentOS 7 systems, you need to set up and enable epel YUM REPO before installing DNF. # yum install epel-release 2) Install DNF # yum install DNF 3) You can now start to run commands using DNF. To view the man page you can use the following command: # dnf –help
Read more

SQL Self JOIN

SQL Self JOIN A self JOIN is a regular join, but the table is joined with itself. Self JOIN Syntax SELECT column_name(s) FROM table1 T1, table1 T2 WHERE condition; T1 and T2 are different table aliases for the same table.
Read more