Home>

I want to limit the actions of sftp-user2 as the title says. Details are as follows.

User name: sftp-user2

①/home/sftp-user2
②/data/sftp/under-sftp

I want to make sftp-user2 created above accessible under the sftp-user2, but I don't know how.
If i refer to the following site, there is a statement that if you specify ChrootDirectory, you can access only below that hierarchy, but adding "ChrootDirectory/under-sftp" will cause an error.

Subsystem sftp/usr/libexec/openssh/sftp-server
Match User sftp-user2
       ForceCommand/usr/libexec/openssh/sftp-server
       ChrootDirectory/under-sftp



By the way, if you comment out "ChrootDirectory/under-sftp", it works normally.

Thanks for your professor.

Environment amazonLinux

  • Answer # 1

    Match User sftp-user2

    ForceCommand/usr/libexec/openssh/sftp-server

    ForceCommand internal-sftp
    ChrootDirectory/data/sftp/
    You can now rewrite it as above!

  • Answer # 2

    I don't know which Linux is AWS Linux (can be confirmed around uname -a or/etc/*-release)

    Subsystem sftp/usr/libexec/openssh/sftp-server
    Match User sftp-user2
           ChrootDirectory/under-sftp
           ForceCommand internal-sftp
           AuthorizedKeysFile /home/%u/.ssh/authorized_keys
    Isn't it

    ?

    Reference site
    Use key authentication for users who only use sftp
    Create a dedicated chroot environment + sftp user in CentOS 7
    sshd/sftp-sftp