Skip to main content

Limiting Access with SFTP Jails on Ubuntu

This post is based on this article with it's comments.

In the /etc/ssh/sshd_config file edit the Subsystem like this:
Subsystem sftp internal-sftp
Add these to the end of the file:
Match group filetransfer
  ChrootDirectory %h
  X11Forwarding no
  AllowTcpForwarding no
  ForceCommand internal-sftp
Finally restart the OpenSSH server:
service ssh restart
Create the group for sftp access:
addgroup filetransfer
If you add this group to existing users, then they will be prevented to login via remote shell, though still be available through su.
usermod -G filetransfer username
chown root:root /home/username
chmod 755 /home/username
Now users cannot create anything in their jail, but it can be tuned with the last command. Though I personally use this technique to jail those users that are able to manage their own websites' content through sftp. I add those web directories through mount's bind option as the normal symlinks won't work. You can either add bindings via the /etc/fstab like this:
/existing/dir /dir/pointing/to/existing/one auto bind 0 0
or via the command line:
mount -o bind /existing/dir /dir/pointing/to/existing/one

Labels:

Popular posts from this blog

Shrink Vmware Workstation Ubuntu guest's VMDK file size physically on Windows host

I will be short on the topic as you too only seeking the resolution to the problem in the title. This tutorial is based on using Vmware Workstation 11 on Windows 8.1 host using an Ubuntu 14.04 guest. Note : you have to have the vmware tools, client additions installed on the quest machine! First go to the Vmware client's terminal when you are ready to shrink it down and type: sudo vmware-toolbox-cmd disk list This will give you the mount points that can be shrinked individually. For me I will only go with shrinking the main disk with "/" (root). First lets wipe the free space clean so the shrinker will know what is free to get rid of: sudo vmware-toolbox-cmd disk wipe / To shrink: sudo vmware-toolbox-cmd disk shrink / That's it, after the process in my case I've had a 4.4G file shrinked down to 1.7G, which is much closer to what the client OS saw (1.5G).
Read more

Login to Ubuntu with Yubikey

DISCLAIMER: I am by no means responsible for anyone using this tutorial to lock herself out of their system, nor for any damage, data loss, etc. You get the idea, use this at your own risk. With that out of the way, let's get to the fun part. This tutorial will outline the steps I used in my current Xubuntu (Ubuntu with Xfce) 16.04 to enable my Yubikey as a hardware key as a requirement to log in. I am using the default eCryptFS encryption method to encrypt a private folder (not my home folder) which also keeps unlocking when my user logs in. This process worked on my Arch desktop too, which I took from this genius post: https://blog.jamesthebard.net/archlinux-and-u2f-login/ Big thanks and credit to him! This tutorial will be mostly copy-paste, though I wish to do it with the Ubuntu specifics. The login manager I am using is LightDM , I also removed the screensaver that comes with Xubuntu out of the box. On Arch I was able to use GDM with success....
Read more

Directory tree in Bash

I was recently searching for a bash script that could be used to create the skeleton of a yaml file containing directory structure. The best material I found is here: http://systembash.com/content/one-line-linux-command-to-print-out-directory-tree-listing/ With the modification of this line: find ./ -type d | sed -e 's/[^-][^\/]*\//--/g;s/--/ |-/' I managed to produce the best skeleton: find ./ | sed -e 's/[^\/]*\// /g' Since I still have to shape this file up with more data I am not bothering with finding a method to put the ':' at the end of each directory as I can do it myself with little effort. I use Vim's visual mode to get rid of the extra leading spaces at each line.
Read more