jailkit-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS

From: Ming Wu
Subject: [Jailkit-dev] [bug #60178] sftp account is not limited at all on CentOS 8
Date: Sun, 7 Mar 2021 10:07:31 -0500 (EST)
User-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 
Follow-up Comment #7, bug #60178 (project jailkit):

Thanks Olivier! Problem solved. I list below all the steps that may save
others a couple of minitues if they come to this page in the future. After the
steps, user mike can sftp or scp, and only sftp or scp.

Note that all lines begin with "# " are commands typed in CentOS 8 serer as
root.

# u=mike
# adduser $u && echo "$u:$u" | chpasswd

# mkdir /srv/sftpjail
# chown root:root /srv/sftpjail
# chmod 0755 /srv/sftpjail
# jk_init -v -j /srv/sftpjail jk_lsh sftp scp
# jk_jailuser -m -j /srv/sftpjail mike

# cat /etc/passwd | grep mike
mike:x:1006:1008::/srv/sftpjail/./home/mike:/usr/sbin/jk_chrootsh

# cat /srv/sftpjail/etc/passwd | grep mike
mike:x:1006:1008::/home/mike:/usr/sbin/jk_lsh

# cat /srv/sftpjail/etc/jailkit/jk_lsh.ini
[mike]
paths= /usr/libexec/openssh/
executables= /usr/libexec/openssh/sftp-server

# cat /etc/ssh/sshd_config | tail -7
Subsystem       sftp    /usr/libexec/openssh/sftp-server
#Subsystem sftp internal-sftp
Match Group sftpgrp
        X11Forwarding no
        AllowTcpForwarding no
        ChrootDirectory %h
        ForceCommand internal-sftp

    _______________________________________________________

Reply to this item at:

  <https://savannah.nongnu.org/bugs/?60178>

_______________________________________________
  Message sent via Savannah
  https://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]