Vote

Open SSH helps you to realize a restricted access because it can be useful to prevent a user from attaching system folders other than your personal folder.

OpenSSH

OpenSSH includes the function ChrootDirectory since OpenSSH 4.9 version, the following command can install OpenSSH if it is not already integrated to your system :

Please take into account that the following modifications allow the user to a restricted access in the assigned SFTP folder and deprives him of his right to connection in SSH


User rights

Now we can :
– create a group for restricted users,
– create our restricted user,
– change the configuration of his home folder (it must belong to root to be chrooted) and its content :


Chroot configuration

All there’s left is to configure OpenSSH by editing its configuration file /etc/ssh/sshd_config :

Definition of the group to whom restriction is applied.

Definition of the restriction file, that is the home folder of each concerned users.

Disable X11Forwarding.

Disable TCPForwarding.

The service must be restarted :

It may be useful to disable the restriction for a particular user via the following configuration :


Categories: SystemTutorials

JN Community

Les Ressources, en particulier les tutoriaux, présupposent que l’Utilisateur qui décide de les mettre en œuvre dispose des connaissances, des compétences et de l’expérience nécessaire pour cette mise en œuvre. L’Utilisateur disposant d’une connaissance, compétence et/ou expérience limitée ou insuffisante doit absolument s’abstenir de mettre en œuvre les Ressources par lui-même. Jaguar Network décline toute responsabilité quant aux conséquences dommageables de la mise en œuvre des Ressources, notamment sur les infrastructures informatiques de l’Utilisateur, de ses commettants ou préposés ou de tout tiers. Il est précisé en tant que de besoin que toute intervention de Jaguar Network visant à réparer les dommages causés par la mise en œuvre des Ressources par un Utilisateur ne disposant pas des connaissances, compétences et/ou expériences suffisantes sera facturée et fera l’objet d’un devis préalable et d’un bon de commande aux conditions des contrats Jaguar Network en vigueur.

Related Posts

System

Shutdown and restart your Linux system

Vote On Linux system, there are a lot of commands to shutdown and reboot your system. This tutorial aims to detail some existing possibilities. Articles similaires

System

Installation of a web server LEMP (Linux, Nginx, MySQL, PHP)

Vote The installation of a server LEMP Linux + Nginx + MySQL + PHP might be more useful and efficient than an Apache (server LAMP). Articles similaires

System

Operating load-balancing with HAproxy

Vote HAproxy is a software allowing Load-Balancing between several web servers by allocating requests in an almost transparent way for the user. Articles similaires