View Single Post
Old 31st July 2012, 20:14
driverdave driverdave is offline
Junior Member
Join Date: Nov 2008
Posts: 11
Thanks: 0
Thanked 5 Times in 2 Posts

i've made some progress.

first, the subsystem in sshd_config needs to be edited.

vi /etc/ssh/sshd_config


Subsystem sftp /usr/lib/openssh/sftp-server


Subsystem sftp internal-sftp

this will allow you to SFTP, but the user is not actually jailed to any directory. to do this, you need to add the following to sshd_config

Match Group client0
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

%h is the user's home directory. this needs to be owned by root in order for the jail to work.

and finally, you need to create a directory for the user to SFTP files into in their home directory, with the user's permissions.

i'm going to dig around ispconfig's code to see if i can automate this. or maybe add users outside of ispconfig, since i think the root permissions on their directories may not be the best thing.
Reply With Quote