| Thread ID: 122382 | 2011-12-18 18:42:00 | sftp for users | jcr1 (893) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1249342 | 2011-12-18 18:42:00 | I'm trying to give users access to their own files on my server, without them being able to change any other users' files. I've come to a stop, because I can't connect with FileZilla if the AllowGroups and Match Group are the same. If Match Group is shown as a different group to the group that contains the user I want to give access to, then it works. But that defeats the purpose, as I can't then go on to lock that user down to be able to use his own files only. If someone could enlighten me, that would be great. Here is my sshd_config file:

    # Package generated configuration file
    # See the sshd(8) manpage for details

    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes

    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768

    # Logging
    SyslogFacility AUTH
    LogLevel INFO

    # Authentication:
    LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile %h/.ssh/authorized_keys

    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes

    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no

    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no

    # Change to no to disable tunnelled clear text passwords
    #PasswordAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    X11Forwarding no #allow x11 connection forwarding = no
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no

    #MaxStartups 10:30:60
    #Banner /etc/issue.net

    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*

    #Subsystem sftp /usr/lib/openssh/sftp-server

    # Use the following line to *replace* any existing 'Subsystem' line
    AllowGroups root john mysftpusers
    #AllowUsers root john roommate1 jdoe
    GatewayPorts no
    KeepAlive yes
    UsePAM yes
    PermitTunnel no
    Subsystem sftp internal-sftp

    # These lines must appear at the *end* of sshd_config*
    Match Group mysftpusers
    AllowTcpForwarding no
    ChrootDirectory %h*
    ForceCommand internal-sftp
|
jcr1 (893) | ||
| 1249343 | 2011-12-19 20:10:00 | Fixed it. Kev, http://woodel.com/, got me a new sshd_config file and I started again. Probably, as I chopped and changed, copied and pasted, I'd left unseen stuff behind which stopped it from working properly. Kev recommends getting into the habit of using Notepad and then copying and pasting. But it's fine now, and any users I choose can use space on my server without going near any of the important stuff. I feel like I've achieved something here. |
jcr1 (893) | ||
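
Added example, not part of the thread and not Kev's replacement file: a small Python lint for a config like the one posted above. It flags invisible or typographic characters picked up by copy and paste, a Match group missing from AllowGroups, glob characters in a ChrootDirectory pathname, and a chroot block without ForceCommand internal-sftp. The function names and the sample text are constructed for illustration.

```python
import re

# Left behind by web pages and word processors, rarely shown by a terminal.
INVISIBLE = re.compile("[\u00a0\u200b\u200c\u200d\ufeff\r\u2018\u2019\u201c\u201d]")

def parse(text):
    """Return (set of AllowGroups names, list of Match blocks)."""
    allowed, blocks = set(), []
    for n, raw in enumerate(text.split("\n"), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            blocks.append({"criteria": value, "line": n, "opts": {}})
        elif blocks:  # everything after a Match line belongs to that block
            blocks[-1]["opts"][key] = (n, value)
        elif key == "allowgroups":
            allowed.update(value.split())
    return allowed, blocks

def lint(text):
    findings = []  # (line number, message)
    for n, raw in enumerate(text.split("\n"), 1):
        if not raw.strip().startswith("#") and INVISIBLE.search(raw):
            findings.append((n, "invisible or typographic character"))
    allowed, blocks = parse(text)
    for b in blocks:
        m = re.match(r"group\s+(\S+)", b["criteria"], re.I)
        for g in (m.group(1).split(",") if m else []):
            if allowed and g not in allowed:  # exact names only, no patterns
                findings.append((b["line"], f"Match group {g} not in AllowGroups"))
        if "chrootdirectory" in b["opts"]:
            n, path = b["opts"]["chrootdirectory"]
            if re.search(r"[*?]", path):  # a pathname, not a glob pattern
                findings.append((n, f"glob character in ChrootDirectory {path!r}"))
            if not b["opts"].get("forcecommand", (0, ""))[1].startswith("internal-sftp"):
                findings.append((n, "chroot without ForceCommand internal-sftp"))
    return findings

# Constructed sample modelled on the thread's Match block; the NBSP is added here.
SAMPLE = ("AllowGroups root john mysftpusers\n"
          "Subsystem sftp\u00a0internal-sftp\n"
          "Match Group mysftpusers\n"
          "    ChrootDirectory %h*\n"
          "    ForceCommand internal-sftp\n")

if __name__ == "__main__":
    print(lint(SAMPLE))
```

This only inspects the text; `sshd -t` remains the check for whether the daemon itself accepts the file.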