Make hidden folders invisible in sftp

2

My client needed an sftp server to share files, so I created the sftp server on an Amazon EC2 Ubuntu machine and added different users.

Now their requirement is that when a user logs in to the sftp server through WinSCP or some other client, they should be able to see only their own folders in the home directory; the other folders should not be visible to them. Also, in their home directories, they should not see any file or folder that starts with a dot (.).

Is this possible? For example, see the link below; I only want my client to see/access the Transcript folder, nothing else.

    
by Neeraj 30.10.2014 / 09:49

1 answer

-1

Thanks everyone, finally this link helped me accomplish my task. link

This consists of three parts:

  • setting up an sftp site on EC2
  • creating a new user account
  • configuring the new user account to do read-only ftp, with no ssh privileges

This is intended for transferring files to and from trusted users. I use this as an adequate solution for occasionally sending very large files to clients, using an EC2 instance dedicated to that task. After the transfer is complete, I shut down or delete the instance.

Set up a server using Amazon Web Services EC2, choosing an Ubuntu Amazon Machine Image (AMI). (You can find an AMI using http://cloud.ubuntu.com/ami/. You may want to choose one that’s free tier eligible, such as ami-1aad5273)

ssh into the server:

ssh -i keyfile.pem [email protected]

Install vsftpd:

sudo apt-get install vsftpd

Create a new user:

sudo adduser newusername

Using the AWS Management Console, generate a new key pair for the third-party user.

Using puttygen, import the new key (keyname.pem) and copy its public key.

On the server, create the .ssh directory for the new user:

sudo mkdir /home/newusername/.ssh

Paste the public key into /home/newusername/.ssh/authorized_keys.

Set permissions:

sudo chmod 700 /home/newusername/.ssh

sudo chmod 600 /home/newusername/.ssh/authorized_keys

sudo chown -R newusername:newusername /home/newusername/.ssh

Test the new user’s sftp login from your local machine:

sftp -o IdentityFile=newkeypair1.pem [email protected]

Make a new group for users who should be limited to using only sftp:

sudo groupadd sftponly

sudo adduser newusername sftponly

Edit /etc/ssh/sshd_config and change the Subsystem line to:

Subsystem sftp internal-sftp

and add these lines to the end of /etc/ssh/sshd_config:

Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Set permissions, without clobbering files necessary for EC2’s key-based authentication:

sudo chown root:root /home/newusername

sudo chown -R newusername:newusername /home/newusername/.ssh

sudo /etc/init.d/ssh restart

Now the new user can connect by sftp, but not by ssh. Place the files you want to share in /home/newusername, and share the key with the user.

    
by 31.10.2014 / 10:48
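
A config check for the sshd_config steps in the answer above, as an added example that is not part of the original post: it reads a config file and reports which of the four directives in the Match group block, plus the global Subsystem line, are missing or differ from what the post sets. The function names and the sample config are constructed here, and it assumes the simple single-criterion "Match group NAME" form with space-separated keywords.

```shell
#!/bin/sh
# Added example (not from the original post): audit the sftp-only Match block.

# audit_sftp_match FILE GROUP
# Prints one line per finding; exit status is 0 only when nothing is found.
audit_sftp_match() {
    awk -v grp="$2" '
    BEGIN {
        n = split("chrootdirectory forcecommand allowtcpforwarding x11forwarding", order, " ")
        need["chrootdirectory"] = ""                # any path, but must be set
        need["forcecommand"] = "internal-sftp"
        need["allowtcpforwarding"] = "no"
        need["x11forwarding"] = "no"
    }
    NF == 0 || $1 ~ /^#/ { next }                   # blank lines and comments
    {
        key = tolower($1)                           # keywords are case-insensitive
        if (key == "match") {
            inblk = (tolower($2) == "group" && $3 == grp)
            if (inblk) found = 1
            next
        }
        if (!inblk) {                               # global section or another Match block
            if (key == "subsystem" && $2 == "sftp" && $3 == "internal-sftp") subsys = 1
            next
        }
        if ((key in need) && !(key in seen)) {      # check the first occurrence in the block
            seen[key] = 1
            if (need[key] != "" && $2 != need[key]) bad[key] = $2
        }
    }
    END {
        if (!subsys) { print "global: Subsystem sftp is not internal-sftp"; rc = 1 }
        if (!found)  { print "no Match group " grp " block"; exit 1 }
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in seen))  { print "missing: " k; rc = 1 }
            else if (k in bad) { print "weak: " k " " bad[k]; rc = 1 }
        }
        exit rc + 0
    }' "$1"
}

# Constructed sample: the block from the post with ForceCommand left out and
# TCP forwarding left on, as a config that drifted might look.
sample_drifted() {
    printf '%s\n' 'Subsystem sftp internal-sftp' 'Match group sftponly' \
        'ChrootDirectory /home/%u' 'X11Forwarding no' 'AllowTcpForwarding yes'
}
```

Run it as `audit_sftp_match /etc/ssh/sshd_config sftponly` before restarting ssh; a non-zero exit status means at least one finding was printed.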