SFTP SSH Jail

Filesharing in 2012 still sucks. I just wanted a friend to be able to download a large file, more or less instantly, with no setup hassle.

It turns out this is not possible ;) Windows, Linux, MacOSX dafuq?! Due to a serious firewall fuck-up at my friend's place I decided to set up an account on my box. But my friend should still be jailed in his home, and the transfer and the login should be secured.

Enter SFTP and SSH.

1. Set up his user account friend and create a group sftponly

2. Add this to your /etc/ssh/sshd_config file, specifying the group behavior

Match Group sftponly
        ChrootDirectory /home/%u
        ForceCommand    internal-sftp
        AllowTcpForwarding      no

3. Edit your friend's shell access in /etc/passwd, i.e., change his shell to /bin/false

friend:x:1001:1001:friend,,,,:/home/friend:/bin/false

4. Set up the rights with optional write access

sudo chown root /home/friend
sudo chmod go-w /home/friend
sudo mkdir /home/friend/writable
sudo chown friend:sftponly /home/friend/writable
sudo chmod ug+rwX /home/friend/writable

This basically turns /home/friend into a jail for the user, with optionally writable content (e.g., directories) in it.
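A check to run after step 4, added here as an example and not part of the original post: sshd refuses the session if any component of the ChrootDirectory path is not a root-owned directory or is writable by group or others, so this script walks from the jail up to / and reports each component. The function names dir_ok and chroot_path_ok and the script name check-jail.sh are made up for this example.

```shell
#!/bin/sh
# Added example: verify the ownership and mode rules sshd applies to a
# ChrootDirectory. dir_ok and chroot_path_ok are names made up here.

# dir_ok DIR [UID]: succeed if DIR is a directory owned by UID
# (default 0 = root) and not writable by group or others.
dir_ok() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    # ls -ldn prints: mode links uid gid ...; keep mode string and numeric uid
    info=$(ls -ldn -- "$dir" | awk '{print $1, $3}')
    mode=${info% *}
    uid=${info#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        return 1
    fi
    case $mode in
        # 6th character = group write bit, 9th character = other write bit
        ?????w*|????????w*)
            echo "FAIL $dir: mode $mode is group- or world-writable"
            return 1 ;;
    esac
    echo "OK   $dir ($mode, uid $uid)"
}

# chroot_path_ok DIR [UID]: apply dir_ok to DIR and every parent up to /.
chroot_path_ok() {
    p=$(cd -P "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: cannot resolve"; return 1; }
    rc=0
    while :; do
        dir_ok "$p" "${2:-0}" || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Stand-alone use: sh check-jail.sh /home/friend
if [ $# -gt 0 ]; then
    chroot_path_ok "$1"
fi
```

Before restarting the daemon, `sudo sshd -t` checks the edited sshd_config for syntax errors.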

20 Jul 2012 | linux, ssh, sftp