Ssh forced command: sftp/scp only


Goal: sftp/scp only access, without the need for linux users.

I want to provide 10 sftp/scp directories to 10 people. Let's call this "virtual account"

I don't want to create linux users for each of them.

I would like to create one linux user (backup_user). In his home-directory will be 10 directories. For each "virtual account" one directory.

Every virtual account must only see his own files, not the files from an other virtual account.

I would like to use the solution which is provided here: https://serverfault.com/a/88864/90324

In short there will be 10 lines in the authorized_keys file:

~backup_user/.ssh/authorized_keys:

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="scp -v -r -d -t ~/CONTENT" ssh-rsa AAAAMYRSAKEY...

I could improve this by a python script and not use the hard coded "scp -v …".

I would like to support scp and sftp.

Is there a way to chroot, to ensure each virtual account can't break out of his jail?

BTW: The idea with authorized_keys and "forced command" is just my current strategy. If there is a better way to reach the overall goal, then please tell me 🙂

We are running an OpenSSH server. I would like to stick to it, if possible.

Update

We found a different solution: HTTP. We developed a small and generic HTTP file uploader: https://github.com/guettli/tbzuploader Feedback is welcome.
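The question suggests replacing the hard-coded `scp -v ...` forced command with a Python script that supports both scp and sftp. The following is an added example of such a dispatcher, not code from the question or from the linked ServerFault answer. It assumes one authorized_keys line per key of the form `restrict,command="/usr/local/bin/vacct-shell /home/backup_user/acct01" ssh-ed25519 AAAA...` (`restrict` is the OpenSSH 7.2+ shorthand for the `no-*` options in the question; the script path and account directories are assumed), and Debian-style locations for `scp` and `sftp-server`. sshd exports the client's requested command in `SSH_ORIGINAL_COMMAND`; for an sftp subsystem request that variable holds the configured subsystem command (the `sftp-server` path or `internal-sftp`). The script execs scp or sftp-server without a shell, refuses anything else, and keeps scp targets inside the account directory. For sftp it can only set the starting directory (`sftp-server -d`); a real jail for sftp needs `ChrootDirectory` in sshd_config, which is per user rather than per key.

```python
#!/usr/bin/env python3
"""Forced-command dispatcher for one "virtual account" under a shared user.

Added example, not code from the question or the linked answer.
Assumed deployment (one authorized_keys line per key, account dir as arg):

  restrict,command="/usr/local/bin/vacct-shell /home/backup_user/acct01" ssh-ed25519 AAAA...

sshd exports the client's requested command in SSH_ORIGINAL_COMMAND; for an
sftp subsystem request that is the configured sftp-server path (or
"internal-sftp").
"""
import os
import shlex
import sys

# Assumed binary locations (Debian/Ubuntu layout); adjust to the host.
SCP = "/usr/bin/scp"
SFTP_SERVER = "/usr/lib/openssh/sftp-server"

# Options the scp client sends to the remote side: -t (sink) or -f (source)
# selects the mode, the rest are harmless modifiers.
SCP_MODES = {"-t", "-f"}
SCP_MODIFIERS = {"-r", "-d", "-p", "-v"}


def inside(root, path):
    """True if `path` (relative to `root`) resolves inside `root`.

    realpath() follows symlinks, so a link planted in the account directory
    that points elsewhere is caught rather than followed.
    """
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, path))
    return target == root_real or target.startswith(root_real + os.sep)


def build_command(original, root):
    """Map SSH_ORIGINAL_COMMAND to the argv to exec; None means refuse."""
    if not original:
        return None                      # plain shell request
    try:
        argv = shlex.split(original)
    except ValueError:
        return None                      # unbalanced quotes etc.
    if not argv:
        return None

    # sftp: sshd reports the subsystem's configured command here.
    if argv == ["internal-sftp"] or argv[0].endswith("sftp-server"):
        # -d only sets the starting directory (OpenSSH 6.2+); a real jail
        # for sftp needs ChrootDirectory in sshd_config.
        return [SFTP_SERVER, "-d", root]

    # scp (legacy protocol): "scp [-v] [-r] [-p] [-d] -t|-f <path>"
    if argv[0] in ("scp", SCP) and len(argv) >= 3:
        opts, path = argv[1:-1], argv[-1]
        if not (set(opts) & SCP_MODES) or not set(opts) <= SCP_MODES | SCP_MODIFIERS:
            return None                  # unknown option or no mode flag
        if path.startswith("/") or not inside(root, path):
            return None                  # absolute or escaping target
        return [SCP] + opts + [os.path.join(root, path)]

    return None


def main():
    if len(sys.argv) != 2:
        sys.exit("usage: vacct-shell <account-directory>")
    root = sys.argv[1]
    argv = build_command(os.environ.get("SSH_ORIGINAL_COMMAND"), root)
    if argv is None:
        sys.stderr.write("vacct-shell: command refused\n")
        sys.exit(1)
    os.chdir(root)
    os.execv(argv[0], argv)              # exec directly, no shell involved


if __name__ == "__main__":
    main()
```

Note that OpenSSH 9.0 and later clients use the SFTP protocol for `scp` by default (the legacy protocol is selected with `scp -O`), so such uploads arrive through the sftp branch and are subject to its weaker isolation.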

Best Answer

This should be a comment, but it's a bit long.

You've failed to adequately describe your objective. While I can make some inferences, extrapolating this to a proposal would be futile.

While there are tools available which allow you to create a server independent of the underlying users, these are cumbersome to set up and restricted in their ability to integrate with other functions.

It would be much simpler to set up 10 users with keypair based logins and no shell access. But your only clearly stated constraint is that you "don't want to create linux users for each of them" - but you provide no explanation of why. OTOH you state you want to use a method based on provisioning users in the OS.