Hello!
Due to some oddly specific requirements, I need to lock a user account on a web server to only have the ability to upload content to a specific directory using sftp/scp, and can't quite get it to work correctly...
Following some advice I found through Googling, I originally made an scp_shell by execing to /usr/bin/scp -t /some/directory/upload and putting that file in /etc/shells.
That worked well to restrict to scp only, but I could not modify it to allow sftp in a similar manner...
I played with rssh some and that made locking the commands down real easy... but did not seem to support a chroot option at all :(
I also tried to add this into the sshd_config:
Match user sftponly
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
...but that apparently stopped ssh from restarting and almost locked me out. I think it has something to do with the PAM auth, maybe?
Any ideas would be helpful! Ideally, adding the sftp command to the custom shell would be nice, but I don't know how to do that.
Thanks in advance!
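A pre-restart check for the Match/ChrootDirectory block quoted in the post, as an added example that is not part of the original post: it has sshd parse the config in test mode and verifies the sshd_config(5) rule that every component of the chroot path is a root-owned directory not writable by group or others. The function names, the `/usr/sbin/sshd` default and the use of GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example: checks to run BEFORE restarting sshd with a ChrootDirectory.
SSHD=${SSHD:-/usr/sbin/sshd}   # assumed install path; override via environment

# mode_is_safe OCTAL_MODE: true if neither group-write nor other-write is set.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: walk DIR and every parent up to "/".
# Reports each offending component on stderr; returns 0 only if all pass.
check_chroot_path() {
    path=$1
    rc=0
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path" >&2; return 1 ;;
    esac
    while :; do
        if [ ! -d "$path" ]; then
            echo "not a directory: $path" >&2; rc=1
        else
            owner=$(stat -L -c %u "$path")   # numeric owner uid
            mode=$(stat -L -c %a "$path")    # octal permission bits
            [ "$owner" = "0" ] || { echo "not root-owned: $path (uid $owner)" >&2; rc=1; }
            mode_is_safe "$mode" || { echo "group/other writable: $path (mode $mode)" >&2; rc=1; }
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# preflight CONFIG CHROOT_DIR: restart sshd only if this returns 0.
# e.g. preflight /etc/ssh/sshd_config /home/sftponly   (%u expanded by hand)
preflight() {
    "$SSHD" -t -f "$1" || return 1   # -t: test mode, non-zero exit on config errors
    check_chroot_path "$2"
}
```

Keeping an existing SSH session open while restarting the daemon leaves a way back in if a check was missed.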