First off, I am new to these things, so my technical vocabulary may not be on par with everyone's.
I have created a Windows 2016 server and installed OpenSSH SFTP server successfully. Unfortunately, when I log in as my SFTP user, I am able to access all the folders in the C drive. I Googled and understand that this is because there is no restriction set on this user.
I have googled for several hours and came across many articles, but I am getting confused by them. It seems like OpenSSH does not have an easy way to restrict a specific user to a folder, and there are a few ways to do it: setting the user group policy in Windows server directly (can't seem to find an article on this), downloading Cygwin, using other SFTP server software, or a workaround with the OpenSSH server config file. To be frank, I am at a loss here on which to use or follow.
My end result is to allow 1 user to have 1 access to a folder under FTP_Folder (root folder). For example, User1 can only access the Site1 folder, and User2 can only access the Site2 folder. Both Site1 and Site2 folders are stored in a root folder called FTP_Folder.
What is the best approach?
Best Answer
You are most likely searching for the `chroot` equivalent `ChrootDirectory` in your `%programdata%\ssh\sshd_config` file.

This directive is only supported with sftp sessions, which sounds to me like what you are searching for. A remote session (SSH) into the server (`cmd.exe` or `powershell.exe`) would not honor this.

To set up an sftp-only chroot server, set `ForceCommand` to `internal-sftp`. You may also set up scp with chroot, by implementing a custom shell that would only allow scp and sftp.

To make this simple:

- Add `subsystem sftp internal-sftp` to your sshd_config (or change it)
- Set `ChrootDirectory` in `sshd_config`

Like this, for example:
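
An added example, not part of the original answer: a constructed `sshd_config` for the question's User1/Site1 and User2/Site2 layout, with a small Python check that flags any `Match User` block lacking `ChrootDirectory` or `ForceCommand internal-sftp`. The `C:\FTP_Folder` location and the helper names `parse_match_user_blocks` and `audit` are assumptions, and only `Match User` blocks are handled.

```python
# Added example (constructed config); C:\FTP_Folder is an assumed location.
SAMPLE_CONFIG = r"""
Subsystem sftp internal-sftp

Match User User1
    ChrootDirectory C:\FTP_Folder\Site1
    ForceCommand internal-sftp

Match User User2
    ChrootDirectory C:\FTP_Folder\Site2
    # ForceCommand missing: a shell session would not honor the chroot
"""

def parse_match_user_blocks(text):
    """Return {user: {lowercased keyword: value}} for each 'Match User' block."""
    blocks, current = {}, []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = value.split(None, 1)
            # Only 'Match User a,b' is handled; any other criterion ends the block.
            is_user = len(crit) == 2 and crit[0].lower() == "user"
            current = [n.strip() for n in crit[1].split(",")] if is_user else []
            for name in current:
                blocks.setdefault(name, {})
        else:
            for name in current:
                blocks[name].setdefault(keyword, value)  # first value wins in sshd
    return blocks

def audit(text):
    """Return {user: [problems]}; an empty list means chroot and sftp-only are set."""
    findings = {}
    for user, opts in parse_match_user_blocks(text).items():
        problems = []
        if "chrootdirectory" not in opts:
            problems.append("no ChrootDirectory")
        if opts.get("forcecommand", "").lower() != "internal-sftp":
            problems.append("ForceCommand is not internal-sftp")
        findings[user] = problems
    return findings

if __name__ == "__main__":
    for user, problems in audit(SAMPLE_CONFIG).items():
        print(user, "; ".join(problems) or "OK")
```

In the sample, User2 is flagged because its block sets a chroot but does not force `internal-sftp`, which is the case the answer warns about.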