I want to restrict a user to do sftp to a particular directory in Raspberry Pi OS, but after successfully doing that I am unable to do ssh.
I have edited /etc/ssh/sshd_config. This is the configuration I have inserted in the config file:
AllowUsers admin
Subsystem sftp /usr/lib/openssh/sftp-server
Match User admin
    ForceCommand internal-sftp -d /update
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
How to restrict sftp to a particular directory but ssh should also work......
It is trivial to restrict a user to SFTP only. It is trivial to restrict a user to a particular directory for both sftp and ssh.
It is unclear exactly what you want, but if you want ssh shell access unrestricted and file transfer restricted to a single tree, that is "interesting"! I cannot imagine why you would want such an odd animal, but I have a solution: it involves two listeners and ssh installations rather than one, with different configurations. SSH running on one port (22?) with sftp/scp blocked or disabled, and ssh restricted to a single folder and allowing ONLY sftp on a different port. This requires some manual duplication or linking of the key structures, or running two processes from the same install with very different command-lines and different sshd.conf files. (sshd.conf and sshd2.conf? Whatever.)
There may be another way. No, there are MANY other ways, I just cannot think of them right now. One would be to run OpenSSH (sshd) with a config that does not enable sftp, but run an ftp client that supports sftp sessions using that application's config and restrictions.
Of note, most people who want to restrict sftp also want to restrict or disable ssh sessions. This is actually BACKWARD to the normal cases!
If I have misunderstood, and I HOPE I have, please provide correction and clarification.
Below is from the link above; I believe this is where the magic happens. Of course, other steps mentioned should not be missed.
Quote:
Step 4: Configure SFTP chroot jail
To configure SFTP chroot jail we will modify /etc/ssh/sshd_config
[root@server2 ~]# vim /etc/ssh/sshd_config
<output_trimmed>
# Comment out the sftp-server Subsystem and use internal-sftp
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
# Add this section to match user "deepak"
Match user deepak
    # Our sftp chroot jail directory
    ChrootDirectory /opt/sftp-jails/deepak
    X11Forwarding no
    AllowTcpForwarding no
    PermitTunnel no
    AllowAgentForwarding no
    ForceCommand internal-sftp
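
What the two Match blocks in this thread do to a login, as an added example that is not from any poster or from the quoted tutorial: `ForceCommand internal-sftp` replaces every session for the matched user, ssh shell logins included, and `-d` only sets the starting directory while `ChrootDirectory` is what confines the user. The function names, finding labels and trimmed sample configs are constructed for illustration.

```python
# Constructed samples: the Match blocks from the two configs in this thread, trimmed.
THREAD_CONFIG = """\
Subsystem sftp /usr/lib/openssh/sftp-server
Match User admin
    ForceCommand internal-sftp -d /update
    AllowTcpForwarding no
"""
TUTORIAL_CONFIG = """\
Subsystem sftp internal-sftp
Match user deepak
    ChrootDirectory /opt/sftp-jails/deepak
    AllowTcpForwarding no
    ForceCommand internal-sftp
"""

def match_blocks(text):
    """Map each Match line's criteria to its {keyword: arguments}. Simplified parser:
    whole-line comments only, and each block ends at the next Match line."""
    blocks, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, args = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if keyword == "match":
            crit = args.split()  # criterion names are case-insensitive, values are not
            key = " ".join(c.lower() if i % 2 == 0 else c for i, c in enumerate(crit))
            current = blocks.setdefault(key, {})
        elif current is not None:
            current.setdefault(keyword, args)  # sshd uses the first value it reads
    return blocks

def audit(text):
    """Report Match blocks that force SFTP, and whether the user is actually jailed."""
    report = {}
    for criteria, opts in match_blocks(text).items():
        force = opts.get("forcecommand", "").split()
        if force[:1] != ["internal-sftp"]:
            continue
        notes = ["shell-blocked"]  # ssh logins for this user get SFTP, never a shell
        if opts.get("chrootdirectory", "none").lower() != "none":
            notes.append("jailed")  # file system view confined to ChrootDirectory
        else:
            if "-d" in force:
                notes.append("start-dir-only")  # -d picks the initial directory only
            notes.append("not-jailed")
        report[criteria] = notes
    return report

if __name__ == "__main__":
    for name, cfg in (("thread config", THREAD_CONFIG), ("quoted tutorial", TUTORIAL_CONFIG)):
        print(name, audit(cfg))
```

Both configs report `shell-blocked`, so neither one by itself gives SFTP confinement together with a working ssh shell for the same user on the same listener.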