In this post I will explain the steps to configure SFTP on Red Hat/CentOS servers. More importantly, I will chroot the SFTP user to restrict the user's privileges.
Step1:
-------
Create a group that will be limited to SFTP and add a user to that group. Here, as an example,
add the group "group_manoj", which will be limited to SFTP, and add the user "user_manu" to the group as below:
Step2:
-------
Now, open the file "/etc/ssh/sshd_config", find the line starting with "Subsystem" and change it as below:
====
Subsystem sftp internal-sftp
====
Add the following lines to the end of the same file:
====
Match Group group_manoj
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
====
After this, restart sshd with "service sshd restart".
Now, run the commands below to create a directory called "upload" and set the permissions:
====
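mkdir /home/user_manu/upload
# The chroot directory must be owned by root and not writable by group or others
chown root:root /home/user_manu
chmod 755 /home/user_manu
chgrp -R group_manoj /home/user_manu
# Let the SFTP user write inside upload (otherwise it stays root-owned, mode 755)
chown user_manu /home/user_manu/upload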
====
Now, try to sftp to the server as the SFTP user "user_manu".
====
sftp user_manu@67.xxx.xx.xx
====
Kool :)