Wednesday, April 27, 2016

ssh - How to allow write on SFTP only setup?

I'm trying to set up FreeBSD 10 with an account that can SFTP, but not SSH.




I've got my sftponly group and my specific account is a member of that group. My sshd_config contains:

Match Group sftponly
    ChrootDirectory /home/account
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

The /home/account is mode 755 with root:sftponly ownership. In this configuration I can log in, list the directory, and "get" files but cannot upload files (write permission denied). If I change the account directory to 775 to give the sftponly group write permissions, then the login is blocked. What's the appropriate setup for allowing read AND write SFTP operations with SSH blocked?
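
An added example, not part of the original post: a Python check for the rule in sshd_config(5) that every component of the ChrootDirectory path must be a root-owned directory not writable by group or others. That rule is why mode 775 on /home/account blocks the login, and why uploads normally go into a subdirectory owned by the account inside the chroot. The `owner_uid` parameter is a hypothetical addition so the check can be exercised without root.

```python
import os
import stat
import sys

def check_component(path, owner_uid=0):
    """Return the reasons this single path component fails the chroot rule."""
    st = os.stat(path)  # follows symlinks, so the target's owner and mode are checked
    reasons = []
    if not stat.S_ISDIR(st.st_mode):
        reasons.append("not a directory")
    if st.st_uid != owner_uid:
        reasons.append(f"owned by uid {st.st_uid}, not {owner_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append(f"mode {stat.S_IMODE(st.st_mode):o} is group- or world-writable")
    return reasons

def audit_chroot(chroot_dir, owner_uid=0):
    """Check every component from / down to chroot_dir.

    Returns {component: [reasons]} containing only the components that fail.
    Directories below the chroot (for example a writable upload directory
    owned by the account) are not part of the path and are not checked.
    """
    failures = {}
    current = os.sep
    parts = [p for p in os.path.abspath(chroot_dir).split(os.sep) if p]
    for part in [""] + parts:  # "" makes the first iteration check "/" itself
        current = os.path.join(current, part)
        reasons = check_component(current, owner_uid)
        if reasons:
            failures[current] = reasons
    return failures

if __name__ == "__main__":
    # Usage: python3 audit_chroot.py /home/account
    for target in sys.argv[1:]:
        failures = audit_chroot(target)
        for component, reasons in failures.items():
            print(f"{component}: {'; '.join(reasons)}")
        if not failures:
            print(f"{target}: every component is root-owned and not group/world-writable")
```
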
