ISPConfig 3, issue #3940

Closed
Open
Created May 31, 2016 by Jens Groh (@JeGr)

Add SFTP (via SSH) as (better) alternative to FTP(S) Users

Add the Option to create an SFTP User instead of having to run pure-ftpd and use this age-old protocol. FTP/S is an OK'ish workaround for secure transmission of data, but having the option to use SFTP for file transfer uploads would be much better.

SFTP could be used via an addition to the OpenSSH server configuration by adding an option set for a specific group or groups (e.g. sftponly) to force those upload accounts to only be used for SFTP and not provide a login shell.

As the "webXY" users already exist and point to a directory (/var/www/clients/clientXX/webXY) that is owned by root:root, the requirements for SFTP chrooting are already given. Those SFTP accounts could be created just like the Shell Users function with the exceptions given above.

The following snippet would provide a safe chroot environment:

# SFTP Only Users
Match Group sftponly
     X11Forwarding no
     AllowTcpForwarding no
     ChrootDirectory %h
     ForceCommand internal-sftp

A user (e.g. sftp19_webspace) would just get its homedir (e.g. /var/www/clients/client5/web19) without providing a shell (in /etc/passwd) and would get sftp-only as group so as to force the chroot to be active.
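
Added example, not part of the original issue and not ISPConfig code: sshd accepts a ChrootDirectory only when every component of the path, from / down to the directory itself, is a root-owned directory that is not writable by group or others. The script below checks a path such as the /var/www/clients/client5/web19 example above and reports the first component sshd would reject; it assumes GNU `stat`, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumes GNU coreutils: stat -c.

# component_ok UID MODE: succeed only if the owner is root (uid 0) and the
# octal MODE has neither the group-write nor the other-write bit set.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_dir PATH: stat one path component (following symlinks) and explain
# on stderr why it is unsuitable, if it is.
check_dir() {
    [ -d "$1" ] || { echo "FAIL $1: not a directory" >&2; return 1; }
    meta=$(stat -L -c '%u %a' "$1") || return 1
    component_ok "${meta% *}" "${meta#* }" && return 0
    echo "FAIL $1: owner uid ${meta% *}, mode ${meta#* }" >&2
    return 1
}

# check_chroot_path DIR: check /, then each deeper component down to DIR.
# Returns 0 only if the whole chain passes.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: not an absolute path" >&2; return 1 ;;
    esac
    check_dir / || return 1
    rest=${1#/}
    path=
    while [ -n "$rest" ]; do
        part=${rest%%/*}            # next component
        case $rest in
            */*) rest=${rest#*/} ;; # more components follow
            *)   rest= ;;           # this was the last one
        esac
        [ -n "$part" ] || continue  # skip empty parts from "//" or a trailing "/"
        path=$path/$part
        check_dir "$path" || return 1
    done
    echo "OK $1"
}

# Usage, with the example path from the issue:
#   check_chroot_path /var/www/clients/client5/web19
```

A failure here corresponds to the case where sshd refuses the SFTP session because of the chroot directory's ownership or modes, so it is worth running before adding a user to the Match group.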
