{{tag>SSH SFTP Sécurité}}
= SFTP access without a shell
See:
* https://access.redhat.com/solutions/2399571
See also:
* rssh
* mysecureshell
Or, for SFTP-only access:
  usermod -s /usr/lib/openssh/sftp-server username
  echo "/usr/lib/openssh/sftp-server" >> /etc/shells
Source: http://www.debian-administration.org/article/94/How_to_restrict_users_to_SFTP_only_instead_of_SSH
-----------
Since bash is listed in /etc/shells, this is OK.
''/usr/local/bin/sftp.sh''
  #! /bin/bash
  /usr/lib/openssh/sftp-server -l INFO

  chmod +x /usr/local/bin/sftp.sh
Everything is logged to /var/log/auth.log
''/etc/passwd''
  test:x:1003:1003:,,,:/home/test:/usr/local/bin/sftp.sh
== MySecureShell notes
''/etc/ssh/sftp_config''
  #Home /home/$USER #override home of the user but if you want you can use
  # environment variable (ie: Home /home/$USER)
  #LimitConnection 10 #max connection for the server sftp
  #LimitConnectionByUser 1 #max connection for the account
  #LimitConnectionByIP 2 #max connection by ip for the account
  LimitConnection 10 #max connection for the server sftp
  LimitConnectionByUser 5 #max connection for the account
  LimitConnectionByIP 10 #max connection by ip for the account
''/etc/shells''
  /usr/bin/mysecureshell

  /etc/init.d/mysecureshell restart
  usermod -s /usr/bin/mysecureshell sftpuser

  # sftp-verif
  Verifing file rights of /usr/bin/mysecureshell [ FAILED ]
  Rights problems have been detected 0755 and should be 4755
  Do you want to repair /usr/bin/mysecureshell file rights ? (Y/n)
=== Debug
See: /var/log/sftp-server.log
== Other
  useradd sftp_download -s /sbin/nologin -
  passwd sftp_download
  mkdir /download
''/etc/ssh/sshd_config''
  # override default of no subsystems
  #Subsystem sftp /usr/lib/openssh/sftp-server
  Subsystem sftp internal-sftp
  Match group sftponly
      ChrootDirectory /upload
      X11Forwarding no
      AllowTcpForwarding no
      AllowAgentForwarding no
      ForceCommand internal-sftp -d /%u
      PermitTunnel no
      # PasswordAuthentication no
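
sshd refuses a ''ChrootDirectory'' unless every component of its path is a root-owned directory that is not writable by group or others (sshd_config(5)), and with ''-d /%u'' each user needs a start directory inside the chroot. The script below is an added example, not part of the original notes; it assumes GNU or busybox ''stat'' and per-user directories owned by the user, and the function names and the OWNER_UID/TOP parameters are hypothetical helpers.

```sh
#!/bin/sh
# Added example: audit a ChrootDirectory tree before pointing sshd at it.
# Assumes GNU/busybox stat. Usage as root, e.g.:
#   check_chroot_path /upload && check_user_dir /upload sftpuser

# check_chroot_path DIR [OWNER_UID] [TOP]
# sshd requires every component from / down to DIR to be a directory owned by
# root and not writable by group or others. OWNER_UID (default 0) and TOP
# (default /) exist only so the check can be tried on a scratch tree.
check_chroot_path() {
    ccp_dir=$1; ccp_uid=${2:-0}; ccp_top=${3:-/}; ccp_rc=0
    while :; do
        if [ ! -d "$ccp_dir" ]; then
            echo "FAIL $ccp_dir: not a directory" >&2; return 1
        fi
        ccp_stat=$(stat -c '%u %a' "$ccp_dir") || return 1
        ccp_owner=${ccp_stat% *}; ccp_mode=${ccp_stat#* }
        if [ "$ccp_owner" != "$ccp_uid" ]; then
            echo "FAIL $ccp_dir: owner uid $ccp_owner, expected $ccp_uid" >&2; ccp_rc=1
        fi
        # 022 = write bits for group and others; the leading 0 makes the mode octal
        if [ $(( 0$ccp_mode & 022 )) -ne 0 ]; then
            echo "FAIL $ccp_dir: mode $ccp_mode is group/other writable" >&2; ccp_rc=1
        fi
        if [ "$ccp_dir" = "$ccp_top" ] || [ "$ccp_dir" = "/" ]; then break; fi
        ccp_dir=$(dirname "$ccp_dir")
    done
    return "$ccp_rc"
}

# check_user_dir CHROOT USER
# With "ForceCommand internal-sftp -d /%u" the session starts in CHROOT/USER.
# Assumption of this example: that directory should exist and be owned by the
# user, since the chroot itself is not writable by them.
check_user_dir() {
    cud_dir=$1/$2
    if [ ! -d "$cud_dir" ]; then
        echo "FAIL $cud_dir: missing start directory" >&2; return 1
    fi
    cud_want=$(id -u "$2") || return 1
    cud_have=$(stat -c '%u' "$cud_dir") || return 1
    if [ "$cud_have" != "$cud_want" ]; then
        echo "FAIL $cud_dir: owner uid $cud_have, expected $cud_want" >&2; return 1
    fi
    return 0
}
```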