Question
Set up a secondary SSH/SFTP user with limited directory access.
I am trying to create a new secondary user that has access to SFTP files and SSH access to a specific directory.
I have SFTP working, but when I try to log in via SSH, I get the following error: Write failed: Broken pipe
The root user uses a public/private key, but I want the secondary user to use a password.
Here is what I have so far:
useradd test
passwd test
usermod -G www-data test
usermod -d /usr/share/nginx/html test
chown test:www-data /usr/share/nginx/html
As for additions to my sshd_config:
AllowUsers test
Match User test
ChrootDirectory /usr/share/nginx/html
PasswordAuthentication yes
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
All I have left to do is to get the test user to be able to access the CLI in their home directory to run composer and artisan commands.
When you ssh in, you can add -v, which will give you verbose output (helps figure out the problem).
The directory /usr/share/nginx/html must be owned by root, and the content inside this directory must belong to test:www-data. Otherwise you are going to get an SSH error: fatal: bad ownership or modes for chroot directory component
So we need to execute:
I followed these instructions but can’t log in with:
The error message says the following:
Could not chdir to home directory /usr/share/nginx/html: No such file or directory
This service allows sftp connections only.
Connection to xxx.xxx.xxx.xxx closed.
Does anyone know how to fix that?
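
The ownership rule from the answer above, as an added example that is not part of the original thread: a shell audit of a ChrootDirectory path. It goes beyond the single directory named in the answer by checking every path component, since sshd requires each one to be a root-owned directory that is not writable by group or others. It assumes Linux with GNU stat, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit every component of a
# ChrootDirectory path for the conditions behind the sshd error
# "bad ownership or modes for chroot directory component".
# Assumes Linux with GNU stat; function names are hypothetical.

# component_ok UID MODE [EXPECTED_UID]: owner must match (default root, 0)
# and the group-write and other-write bits (octal 022) must be clear.
component_ok() {
    [ "$1" -eq "${3:-0}" ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_component PATH [EXPECTED_UID]: print a verdict for one directory.
check_component() {
    local info uid mode
    info=$(stat -L -c '%u %a' -- "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    uid=${info% *}; mode=${info#* }
    if [ -d "$1" ] && component_ok "$uid" "$mode" "${2:-0}"; then
        echo "OK      $1 (uid=$uid mode=$mode)"
    else
        echo "BAD     $1 (uid=$uid mode=$mode)"; return 1
    fi
}

# audit_chroot PATH [EXPECTED_UID]: walk from / down to PATH.
# Returns 0 only when every component passes.
audit_chroot() {
    local rest cur=/ part rc=0
    case $1 in /*) ;; *) echo "not an absolute path: $1" >&2; return 2 ;; esac
    check_component / "${2:-0}" || rc=1
    rest=${1#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -z "$part" ] && continue
        cur="${cur%/}/$part"
        check_component "$cur" "${2:-0}" || rc=1
    done
    return $rc
}

# Example: audit_chroot /usr/share/nginx/html
```

The optional second argument exists only so the check can be exercised on directories owned by a non-root account; leave it off when auditing a real ChrootDirectory.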