DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

#1 2014-10-15 18:17:39

Medvidek
Member
Registered: 2011-04-22
Posts: 25

Restrict SFTP users to home folder

Hi,

I'm trying to lock SFTP users in their home directory on my DNS-320 with fun plug 0.7 installed. I found some info on the web: "http://www.fullybaked.co.uk/articles/chroot-ssh-ftp-users-to-home-directory" and "https://bensmann.no/restrict-sftp-users-to-home-folder/".

I do not want to break up ssh connections so I would like to ask experienced users for advice.

According to the guides I need to add the following lines to the very end of the /etc/ssh/sshd_config file.

Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

-------

The current sshd_config file ends with the following lines and I'm not sure what to do with the line "Subsystem    sftp    /ffp/libexec/sftp-server". Should I leave it or delete it?
Current sshd_config file ending lines:

# override default of no subsystems
Subsystem    sftp    /ffp/libexec/sftp-server

-------

Other procedures from guides are easy ... create home user directory; group etc.
Thanks for any help.


#2 2014-10-15 21:01:44

Mijzelf
Member / Developer
Registered: 2008-07-05
Posts: 709

Re: Restrict SFTP users to home folder

I think you should remove it. You can have only one sftp subsystem, and you already specified the internal one. I wouldn't be surprised if you can't use an external one, as it can't be found in the chroot.

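A small lint for the configuration discussed in the two posts above, added here as an example (not code from the thread or from fun_plug): it parses sshd_config text and flags a second sftp Subsystem line, and an external sftp-server binary combined with ChrootDirectory but no ForceCommand internal-sftp. The sample input is constructed from the lines quoted in the thread; the function names and finding codes are hypothetical, and only whitespace-separated "Keyword value" lines are handled.

```python
# Constructed input: the existing Subsystem line from the thread followed by
# the block the guides say to append.
SAMPLE = """\
# override default of no subsystems
Subsystem    sftp    /ffp/libexec/sftp-server
Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
"""

def parse(text):
    """Split a config into global directives and Match blocks."""
    global_dirs, blocks, current = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()  # sshd_config keywords are case-insensitive
        if key == "match":
            # A Match block runs until the next Match line or end of file.
            current = {"line": lineno, "directives": {}}
            blocks.append(current)
        elif current is None:
            global_dirs.append((lineno, key, args))
        else:
            current["directives"][key] = args
    return global_dirs, blocks

def lint(text):
    """Return a list of (code, line, message) findings."""
    findings = []
    global_dirs, blocks = parse(text)
    sftp = [(n, a[1:]) for n, k, a in global_dirs
            if k == "subsystem" and a[:1] == ["sftp"]]
    for n, _ in sftp[1:]:
        findings.append(("duplicate-sftp", n, "second sftp Subsystem line"))
    external = [cmd[0] for _, cmd in sftp if cmd and cmd[0] != "internal-sftp"]
    for block in blocks:
        d = block["directives"]
        forced = d.get("forcecommand", [])[:1] == ["internal-sftp"]
        if "chrootdirectory" in d and external and not forced:
            findings.append(("external-in-chroot", block["line"],
                             external[0] + " must exist inside the chroot"))
    return findings

if __name__ == "__main__": print(lint(SAMPLE))
```

Run it against a copy of the edited file before restarting the ssh service; an empty list means neither of the two conditions was found.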

 

#3 2014-10-16 15:52:55

Medvidek
Member
Registered: 2011-04-22
Posts: 25

Re: Restrict SFTP users to home folder

Hi,

First of all, thanks for the help. I've tried it but it doesn't work for me :(
What I did:

Edited "/etc/ssh/sshd_config"
Created user and group
usermod -s /bin/false username
Restarted ssh service

After that I wasn't able to connect with the created user: "Authentication failed". After reverting the changes in sshd_config and restarting the ssh service it worked O.K.
It seems that locking a user in his home directory for SFTP connections is unfortunately too hard for me (I guess more changes are needed).
