SFTP

Published: 2012-07-19

FTP is unencrypted and thus insecure. Instead, use SFTP.

Providing Chrooted SFTP via OpenSSH

OpenSSH with its sshd server provides functionality for an SFTP server. It also allows pseudo-chrooting, without the hassle of copying, duplicating and/or linking your environment. This will limit the user to a specific directory.

/etc/ssh/sshd_config

change Subsystem sftp /usr/lib/openssh/sftp-server to Subsystem sftp internal-sftp

and at the bottom add

#Match Group users,!root
Match User acc-web-sftp
 X11Forwarding no
 AllowTcpForwarding no
 ChrootDirectory %h
Then, make sure the users home directory is owned by root:root (user root and group root), and has write-access only to root. (As chrooting to it requires just that.)

Providing SFTP with RSSH-shell

> apt-get install rssh

RSSH provides a shell (at /usr/bin/rssh) which allows you to specify permissions in /etc/rssh.conf

umask = 022
user = acc-ftp-myuser1:007:000100: