Add sftp jail.
This commit is contained in:
Tom Alexander
17
ansible/roles/sftp/files/sshd_config
Normal file
17
ansible/roles/sftp/files/sshd_config
Normal file
@@ -0,0 +1,17 @@
|
||||
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
|
||||
# but this is overridden so installations will only check .ssh/authorized_keys
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
# Only allow sftp users
|
||||
AllowUsers nochainstounlock
|
||||
ChrootDirectory /chroot
|
||||
|
||||
# override default of no subsystems
|
||||
Subsystem sftp /usr/libexec/sftp-server
|
||||
|
||||
# Example of overriding settings on a per-user basis
|
||||
Match User nochainstounlock
|
||||
X11Forwarding no
|
||||
AllowTcpForwarding no
|
||||
PermitTTY no
|
||||
ForceCommand internal-sftp
|
||||
1
ansible/roles/sftp/files/sshd_rc.conf
Normal file
1
ansible/roles/sftp/files/sshd_rc.conf
Normal file
@@ -0,0 +1 @@
|
||||
sshd_enable="YES"
|
||||
Reference in New Issue
Block a user