I have managed to set up froxlor with working FTP and SFTP in parallel.
My /etc/proftpd/sftp.conf
<IfModule mod_sftp.c>
<VirtualHost 0.0.0.0 fe80::1>
SFTPEngine on
SFTPLog /var/log/proftpd/sftp.log
SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
SFTPHostKey /etc/ssh/ssh_host_rsa_key
Port 2222
AllowOverwrite on
DefaultRoot /var/customers/webs
</VirtualHost>
</IfModule>
My /etc/ssh/sshd_config contains
# override default of no subsystems - changed by tg
# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match User testkunde2
ChrootDirectory /var/customers/webs
ForceCommand internal-sftp
AllowTCPForwarding no
X11Forwarding no
This is working right now. User testkunde2 is jailed in /var/customers/webs
But what I need is a multi-user solution.
Question 1: How could I express the Match expression for all froxlor users?
I've tried
Match Group www-data
ChrootDirectory /var/customers/webs
ForceCommand internal-sftp
AllowTCPForwarding no
X11Forwarding no
which doesn't match for some reason. As a result, the user is not jailed in any way and has read access to the root dir.
Question 2: chroot only works if the dir is owned by root, but froxlor home dirs are owned by the user. How could this be managed?
This is a question about my personal understanding of froxlor / ssh / sftp. Froxlor home dirs are owned by their users. Is there any solution to integrate SFTP user jails for the home dirs of the users?
Question
ThGr
User looks like:
getent passwd testkunde2
testkunde2:x:10001:10001:th gr:/var/customers/webs/testkunde2/:/bin/sh
Thanks to all in advance!
0 answers to this question
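The ownership rule behind Question 2, as an added example (not part of the original post, and not froxlor or OpenSSH code): sshd accepts a ChrootDirectory only when every component of the path is a root-owned directory that is not writable by group or others. The function name, the SAMPLE table and its modes are constructed for illustration; uid 10001 and the home path come from the getent output in the post.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def chroot_violations(path, stat_fn=os.stat):
    """List (component, problem) pairs that break sshd's ChrootDirectory rule:
    every path component must be a root-owned directory that is not
    writable by group or others."""
    target = PurePosixPath(path)            # also drops a trailing slash
    if not target.is_absolute():
        raise ValueError("ChrootDirectory must be an absolute path")
    components = list(target.parents)[::-1] + [target]   # "/" first
    problems = []
    for comp in components:
        st = stat_fn(str(comp))
        if not stat.S_ISDIR(st.st_mode):
            problems.append((str(comp), "not a directory"))
        if st.st_uid != 0:
            problems.append((str(comp), f"owned by uid {st.st_uid}, not root"))
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append((str(comp), f"group/other writable (mode {mode:04o})"))
    return problems


# Constructed ownership table standing in for the real filesystem.
# uid 10001 and the home path are taken from the getent line in the post;
# the modes and the "shared" directory are made up for the demonstration.
SAMPLE = {
    "/": (0, 0o40755),
    "/var": (0, 0o40755),
    "/var/customers": (0, 0o40755),
    "/var/customers/webs": (0, 0o40755),
    "/var/customers/webs/testkunde2": (10001, 0o40750),
    "/var/customers/shared": (0, 0o40775),
}


def sample_stat(path):
    uid, mode = SAMPLE[path]
    return SimpleNamespace(st_uid=uid, st_mode=mode)


if __name__ == "__main__":
    for candidate in ("/var/customers/webs", "/var/customers/webs/testkunde2/",
                      "/var/customers/shared"):
        found = chroot_violations(candidate, sample_stat)
        print(candidate, "->", found or "acceptable to sshd")
```

Called without the second argument, the function uses os.stat and checks the real filesystem, so it can be run against a planned ChrootDirectory before sshd is reloaded.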