SFTP chroot and SSH keys

Status
Not open for further replies.
Joined
Jul 16, 2016
Messages
17
Dear all,
I've spent all day trying to figure out how to chroot an SFTP user, but I couldn't. The best result I got is that each user can access his home folder (can read and write), but he can also see my /mnt folder and volume folders (though he can't access them).

Honestly, I would like to have those upper folders invisible, and let him see only his home folder.

I've been trying extra settings in the SSH window, adding code to ssh_config... but without any success.

I'm running FN 9.1 stable.
I attach here a few screenshots to show my settings.



Once I figure it out, I'd like to use the public key method to log in. How can I do that?

Thank you
 

Attachments

  • Schermata 2016-08-02 alle 15.25.04.png
  • Schermata 2016-08-02 alle 15.25.14.png
  • Schermata 2016-08-02 alle 15.24.37.png
  • Schermata 2016-08-02 alle 15.24.54.png

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Have you considered using http://doc.freenas.org/9.10/freenas_services.html#scp-only instead? In other words, do users need a shell account or do they only need to scp/sftp? Note that most non-Unix utilities will bypass the chroot though...
Even if you add something like this to your sshd_config:
Code:
Match Group sftponly
  ChrootDirectory /mnt/Tank/foo
  ForceCommand internal-sftp
  AllowTcpForwarding no
  PermitTunnel no


I assumed the "ForceCommand" parameter prevents using the SSH session for other purposes than SFTP.
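
A Match block like the one above only takes effect if sshd accepts the ChrootDirectory: every component of the path (for the sample path, /mnt/Tank/foo, /mnt/Tank, /mnt and /) must be a root-owned directory that is not writable by group or others. The script below is an added example, not part of the thread, that audits a path against that rule. The function names are made up for illustration, and it parses `ls -ldn` output so that it runs on both FreeBSD and Linux.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ChrootDirectory path.
# sshd refuses the chroot unless every component is a directory owned by
# root and not writable by group or others.

# component_ok DIR [UID]: check one directory; UID defaults to 0 (root).
component_ok() {
    c_dir=$1; c_want=${2:-0}
    # -d: the directory itself, -n: numeric uid/gid, -L: follow symlinks
    c_line=$(ls -ldnL -- "$c_dir" 2>/dev/null) || { echo "missing: $c_dir"; return 1; }
    c_mode=${c_line%% *}
    c_uid=$(printf '%s\n' "$c_line" | awk '{print $3}')
    case $c_mode in
        d*) ;;
        *) echo "not a directory: $c_dir"; return 1 ;;
    esac
    [ "$c_uid" = "$c_want" ] || { echo "owner uid $c_uid, want $c_want: $c_dir"; return 1; }
    # Mode string looks like drwxr-xr-x: char 6 = group write, char 9 = other write
    [ "$(printf '%s' "$c_mode" | cut -c6)" = "-" ] || { echo "group-writable: $c_dir"; return 1; }
    [ "$(printf '%s' "$c_mode" | cut -c9)" = "-" ] || { echo "world-writable: $c_dir"; return 1; }
    return 0
}

# check_chroot_path PATH [UID]: walk PATH up to /, reporting every bad component.
check_chroot_path() {
    p=$1; owner=${2:-0}; rc=0
    case $p in
        /*) ;;
        *) echo "must be an absolute path: $p"; return 2 ;;
    esac
    while :; do
        component_ok "$p" "$owner" || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Example: sh check_chroot.sh /mnt/Tank/foo
[ $# -eq 0 ] || check_chroot_path "$@"
```

A non-zero exit status means at least one component would make sshd reject the chroot; each offending directory is printed with the reason.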
 