Quest sftp-server uses old libraries, so this creates a miss match and breaks "/opt/quest/libexec/sftp-server"
1) Configure sshd_config:
To make it so we don't have to set up libraries and devices, use internal sftp
Replace:
Subsystem sftp /opt/quest/libexec/sftp-server
with:
Subsystem sftp internal-sftp
At the bottom but above any other Match, add:
Match Group ftpchrt
ForceCommand internal-sftp
ChrootDirectory /home/ftp/chroot/%u
AllowTcpForwarding no
X11Forwarding no
This will force all users in the “ftpchrt” group into their own home directory in a “chroot” under /home/ftp.
Each user will have their own home directory under their name.
2) Set up the “chroot” holder:
mkdir -p /home/ftp/chroot
chown root:system /home /home/ftp /home/ftp/chroot
# Chroot requires root ownership of all files up to the root.
3) For each user that will be using this:
export MUSER=<name>
mkdir /home/ftp/chroot/$MUSER
chown root:system /home/ftp/chroot/$MUSER
#This will be that individual user's whole world.
#Then inside there they need their home directory:
mkdir -p /home/ftp/chroot/$MUSER/home/$MUSER
chown $MUSER:ftpchrt /home/ftp/chroot/$MUSER/home/$MUSER
chmod 770 /home/ftp/chroot/$MUSER/home/$MUSER
touch /home/ftp/chroot/$MUSER/THIS_IS_CHROOT_FOR_$MUSER
# The above is for any account.
# For a NEW user, then set up the home directory as before, just with the new location:
/home/ftp/chroot/$MUSER/home/$MUSER
# The user's home directory location on disk is /home/ftp/chroot/$MUSER/home/$MUSER, but once in chroot, it will be /home/$MUSER.
# To migrate EXISTING users, that already have a home directory:
cp -pr /home/ftp/home/$MUSER /home/ftp/chroot/$MUSER/home/$MUSER
cp -pr /home/ftp/home/$MUSER/.[a-zA-Z0-9]* /home/ftp/chroot/$MUSER/home/$MUSER/
Then when using sftp, add to use the new port.
sftp -oPort=2020 <user>@<host>
This allows the sshd_config settings to be tested without disrupting the current setup.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center