Limit documentroot on SFTP with SSHD

Question

I use proFTPD on debian 8. For some reasons i need users that can only access to their documentroot. I already configured this and it works but only when i connect in FTP.

If the user connect on SFTP, he will be able to access at the entire FTP.

How can i do ?

EDIT :

I found how to correct my problem.

1) I stoped proFTD because it cause problems. I swich on the default SSH server od my debian server

2) All of the folders are owned by root:root and with 755 perms. In my case, it was /, /var, /var/www, and /var/www/dev

3) The SSHD config was :

Subsystem sftp internal-sftp Match Group dev ChrootDirectory /var/www/dev ForceCommand internal-sftp AllowTcpForwarding no

score 0 · Answer 1 · answered Mar 08 '20 at 16:49

0

In order to make a secure connection to a FTP server, you can use any application that support SFTP. SFTP (commonly referred to as Secure File Transfer Protocol ) can perform secure file transfers.

answered Mar 08 '20 at 16:49

Sam Mollaei

1

score 0 · Accepted Answer · answered Mar 08 '20 at 20:21

If you want to restrict some SFTP users to a subdirectory of your filesystem, you can use the ChrootDirectory option in your OpenSSH server config.

Let's assume you want restrict the users of group ftp-users to access only the /var/ftp/%username% directory (where %username% is their username). Then you could use:

Subsystem sftp internal-sftp
Match group ftp-users
    ChrootDirectory /var/ftp/%u

In the ChrootDirectory option you can use %u for the username, %U for the user id or %h for the user's home directory.

Limit documentroot on SFTP with SSHD

2 Answers2

Linked