April 26, 20214 yr i have managed to setup froxlor with working FTP and SFTP in parallel. My /etc/proftpd/sftp.conf <IfModule mod_sftp.c> <VirtualHost 0.0.0.0 fe80::1> SFTPEngine on SFTPLog /var/log/proftpd/sftp.log SFTPHostKey /etc/ssh/ssh_host_ecdsa_key SFTPHostKey /etc/ssh/ssh_host_rsa_key Port 2222 AllowOverwrite on DefaultRoot /var/customers/webs </VirtualHost> </IfModule> my /etc/ssh/sshd_config contains # override default of no subsystems - chagned by tg # Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp Match User testkunde2 ChrootDirectory /var/customers/webs ForceCommand internal-sftp AllowTCPForwarding no X11Forwarding no This is working ritght now. User testkunde2 is jailed in /var/customers/webs But what i need is a multi user solution. Question 1: how i could express the match expression for all froxlor users? I´ve tried Match Group www-data ChrootDirectory /var/customers/webs ForceCommand internal-sftp AllowTCPForwarding no X11Forwarding no which don´t match for any reason. As result user is not jailed in any way and have reading root dir access. User looks like getent passwd testkunde2 testkunde2:x:10001:10001:th gr:/var/customers/webs/testkunde2/:/bin/sh Question 2: chroot is only working if dir is owned by root but froxlor home dirs are owned by user. How could this be managed? This is a question about my personal understanding from froxlor / ssh / sftp. Froxlor home dirs are owned by it´s users. Is there any solution to integrate SFTP user jails for the homedirs of the users? Thank´s to all in advance!
Create an account or sign in to comment