From aaf4a8676b46b12ebab25120ecb417d8ec25ea55 Mon Sep 17 00:00:00 2001 From: Angel Date: Mon, 22 Jan 2018 14:46:11 -0500 Subject: [PATCH 1/4] Update the SFTP guide --- ...ss-with-sftp-jails-on-debian-and-ubuntu.md | 31 +++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md b/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md index a0576c094a9..c67d8a2fc3a 100644 --- a/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md +++ b/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md @@ -3,6 +3,7 @@ author: name: Linode email: docs@linode.com description: 'Restricting remote users to their home directories, only allowing access to SFTP for transferring files.' +og_description: 'SFTP Jails restricits remote users to their home directories.' keywords: ["sftp", "sftp jail", "openssh", "ssh jail"] license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' aliases: ['security/sftp-jails/'] @@ -34,13 +35,13 @@ First, you need to configure OpenSSH. 2. Add or modify the `Subsystem sftp` line to look like the following: - {{< file-excerpt "/etc/ssh/sshd\_config" >}} + {{< file-excerpt "/etc/ssh/sshd_config" >}} Subsystem sftp internal-sftp {{< /file-excerpt >}} 3. Add this block of settings to the end of the file: - {{< file-excerpt "/etc/ssh/sshd\_config" >}} + {{< file-excerpt "/etc/ssh/sshd_config" >}} Match Group filetransfer ChrootDirectory %h X11Forwarding no 
@@ -79,3 +80,29 @@ In this section, we'll set up the correct new groups, ownership, and permissions chown username:filetransfer * Your users should now be able to log into their accounts via SFTP and transfer files to and from their assigned subdirectories, but they shouldn't be able to see the rest of your Linode's filesystem. + +## Use SFTP on your Linode + +1. From the terminal use sftp: + + sftp username@ + + You can use the `help` command to see what commands you have access too within the SFTP shell. You have the ability to `pwd`, `cd` and `ls`, for instance. There are also commands like `lpwd`, that will print the **local** working directory. In the local home directory type `touch test.txt` + +2. Transfer local files to the remote system: + + cd docs + put test.txt + +3. Transfer files to the local system from the remote system: + + get test.txt + +4. You can test the file permissions by navigating to a different directory within the SFTP shell, and trying to transfer a file. + + sftp> put test.txt /tmp/ + Uploading test.txt to /tmp/ + remote open("/tmp/"): Failure + +5. Exit the session with the `exit` command. + From 4f9a653bc3b3021da4b68d49e47ac3e76b6e80c1 Mon Sep 17 00:00:00 2001 From: Angel Date: Mon, 22 Jan 2018 14:49:23 -0500 Subject: [PATCH 2/4] Update limiting-access-with-sftp-jails-on-debian-and-ubuntu.md --- .../limiting-access-with-sftp-jails-on-debian-and-ubuntu.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md b/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md index c67d8a2fc3a..8872d0fb941 100644 --- a/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md +++ b/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md 
@@ -7,7 +7,7 @@ og_description: 'SFTP Jails restricits remote users to their home directories.' keywords: ["sftp", "sftp jail", "openssh", "ssh jail"] license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' aliases: ['security/sftp-jails/'] -modified: 2014-04-16 +modified: 2018-01-22 modified_by: name: Linode published: 2010-01-06 From 46a32bf59fc72a4884c5550332b7128a02ebe75c Mon Sep 17 00:00:00 2001 From: Angel Date: Mon, 22 Jan 2018 15:18:23 -0500 Subject: [PATCH 3/4] travis --- ...ting-access-with-sftp-jails-on-debian-and-ubuntu.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md b/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md index 8872d0fb941..8cf964c4385 100644 --- a/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md +++ b/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md @@ -3,7 +3,7 @@ author: name: Linode email: docs@linode.com description: 'Restricting remote users to their home directories, only allowing access to SFTP for transferring files.' -og_description: 'SFTP Jails restricits remote users to their home directories.' +og_description: 'SFTP Jails restricits remote users to their home directories.' keywords: ["sftp", "sftp jail", "openssh", "ssh jail"] license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' aliases: ['security/sftp-jails/'] 
@@ -86,14 +86,14 @@ Your users should now be able to log into their accounts via SFTP and transfer f 1. From the terminal use sftp: sftp username@ - + You can use the `help` command to see what commands you have access too within the SFTP shell. You have the ability to `pwd`, `cd` and `ls`, for instance. There are also commands like `lpwd`, that will print the **local** working directory. In the local home directory type `touch test.txt` 2. Transfer local files to the remote system: cd docs put test.txt - + 3. Transfer files to the local system from the remote system: get test.txt @@ -103,6 +103,6 @@ Your users should now be able to log into their accounts via SFTP and transfer f sftp> put test.txt /tmp/ Uploading test.txt to /tmp/ remote open("/tmp/"): Failure - -5. Exit the session with the `exit` command. + +5. Exit the session with the `exit` command. From bd1e3997b4d08bd828de4534026f526b0dfd1e87 Mon Sep 17 00:00:00 2001 From: Jared Kobos Date: Mon, 29 Jan 2018 12:04:13 -0500 Subject: [PATCH 4/4] Final check --- ...ss-with-sftp-jails-on-debian-and-ubuntu.md | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md b/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md index 8cf964c4385..75ba0ae4693 100644 --- a/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md +++ b/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu.md @@ -7,7 +7,7 @@ og_description: 'SFTP Jails restricits remote users to their home directories.' keywords: ["sftp", "sftp jail", "openssh", "ssh jail"] license: '[CC BY-ND 4.0](https://creativecommons.org/licenses/by-nd/4.0)' aliases: ['security/sftp-jails/'] -modified: 2018-01-22 +modified: 2018-01-29 modified_by: name: Linode published: 2010-01-06 
@@ -17,7 +17,7 @@ external_resources: - '[An Introduction to Users and Groups](/docs/tools-reference/linux-users-and-groups)' --- -As the system administrator for your Linode, you may want to give your users the ability to securely upload files to your server. The most common way to do this is to allow file transfers via SFTP, which uses SSH to provide encryption. This means you need to give your users SSH logins. But, by default, SSH users are able to view your Linode's entire filesystem, which may not be desirable. +As the system administrator for your Linode, you may want to give your users the ability to securely upload files to your server. The most common way to do this is to allow file transfers via Secure File Transfer Protocol (SFTP), which uses SSH to provide encryption. This requires that you give your users SSH logins. However, by default SSH users are able to view your Linode's entire filesystem, which may not be desirable. ![Limiting Access with SFTP Jails on Debian and Ubuntu](/docs/assets/limiting-access-with-sftp-jails-on-debian-and-ubuntu.png) @@ -27,8 +27,6 @@ These instructions will work for Ubuntu 9.04, Debian 5, and later. Unfortunately ## Configure OpenSSH -First, you need to configure OpenSSH. - 1. Edit your `/etc/ssh/sshd_config` file with your favorite text editor: vim /etc/ssh/sshd_config @@ -49,17 +47,17 @@ Match Group filetransfer ForceCommand internal-sftp {{< /file-excerpt >}} - Save the changes to your file. + Save the changes to your file. 4. Restart OpenSSH: service ssh restart -OpenSSH has been successfully modified. + OpenSSH has been successfully modified. ## Modify User Accounts -In this section, we'll set up the correct new groups, ownership, and permissions for your user accounts. +This section will set up the correct groups, ownership, and permissions for your user accounts. 1. Create a system group for users whom you want to restrict to SFTP access: 
@@ -79,11 +77,11 @@ In this section, we'll set up the correct new groups, ownership, and permissions mkdir docs public_html chown username:filetransfer * -Your users should now be able to log into their accounts via SFTP and transfer files to and from their assigned subdirectories, but they shouldn't be able to see the rest of your Linode's filesystem. + Your users should now be able to log into their accounts via SFTP and transfer files to and from their assigned subdirectories, but they shouldn't be able to see the rest of your Linode's filesystem. -## Use SFTP on your Linode +## Use SFTP -1. From the terminal use sftp: +1. Use `sftp` from the terminal: sftp username@ @@ -105,4 +103,3 @@ Your users should now be able to log into their accounts via SFTP and transfer f remote open("/tmp/"): Failure 5. Exit the session with the `exit` command. -
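Review bot: In [PATCH 1/4], front-matter hunk (`@@ -3,6 +3,7 @@`), the added `og_description` value misspells "restricts" as "restricits" and pairs the plural "SFTP Jails" with a singular verb. 3/4 touches this line again without changing the wording and 4/4 still carries it as context, so the typo survives the whole series. Suggest `og_description: 'SFTP jails restrict remote users to their home directories.'`.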
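Review bot: In [PATCH 1/4], hunk `@@ -79,3 +80,29 @@`, step 4 says it tests file permissions "by navigating to a different directory", but the example never changes directory and uploads to `/tmp/`. With `ChrootDirectory %h` in the `Match Group filetransfer` block, that path is resolved inside the user's jail and not against the server's real `/tmp`, so `remote open("/tmp/"): Failure` does not demonstrate what the sentence describes. Reword the step to state what the failure shows (the user cannot write outside the assigned subdirectories) and make the example match the wording. In step 1, `touch test.txt` is a local shell command sitting in a paragraph about the SFTP shell; move the file creation ahead of the `sftp` command so the reader knows where to type it, and fix "access too" to "access to".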
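Review bot: [PATCH 3/4] has the subject "travis" and no body, while the removed and added lines in both hunks are textually identical apart from whitespace on lines introduced in 1/4. The subject should say what the commit does (whitespace cleanup), or the commit should be squashed into 1/4 before merge so the history does not carry a fix-up for a line added two commits earlier.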
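Review bot: In [PATCH 4/4], hunk `@@ -49,17 +47,17 @@`, step 4 runs `service ssh restart` immediately after a hand edit of `/etc/ssh/sshd_config` and then states "OpenSSH has been successfully modified." with no validation step. A syntax error in the new `Match Group filetransfer` block can keep sshd from coming back up, which on a remote server cuts off administrative access. Add a configuration test with `sshd -t` before the restart, and tell the reader to keep the current SSH session open until a fresh login has been confirmed.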
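Review bot: In [PATCH 4/4], hunk `@@ -79,11 +77,11 @@`, the command under the reworded step 1 is still `sftp username@` with nothing after the `@` as shown, so it cannot be run as written. Since this commit is the final check on the new section, add a host placeholder after the `@` and a sentence telling the reader to substitute their own username and server address.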