Locked myself out of server - I think
In attempt to create a new user and restrict its access to SFTP, and access only to a specified direction, I found the question referenced in the link on the next line. Following the solution posted to this question (https://www.digitalocean.com/community/questions/how-do-i-restrict-a-user-to-a-specific-directory) I successfully created a new user and group which I want to restrict to a specified “home” directory.
I followed each step carefully, including the second part of Step 5, which states, “If that line does not exist, …” and since the line DOES exist, I did not include the below text in my SSHD config:
Subsystem sftp internal-sftp
Match group sftpusers ChrootDirectory %h ForceCommand internal-sftp
I continued following the step-by-step and restarted SSH. I checked to make sure the user existed in the correct directory with ’/etc/passwd’ and it all checked out. Created a new droplet for this user in my FTP program and it wouldn’t log in. Went back to Terminal and my connection (from sudoer) was broken. Login with new user didn’t work - as I had hoped; but then login from sudoer didn’t work either - connection refused. Login with root returned same results.
I am really hoping this is not as bad as it seems, and hoping someone here can help out.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.×