SFTP and multiple users

11 augusti 2020

Copy the sshd_config file to a separate file:

cp /etc/ssh/sshd_config /etc/ssh/sshd_vhost_config

Append the following to the file:

AllowTCPForwarding no
ChrootDirectory /path/to catalogue
ForceCommand internal-sftp

Match User user1
  ChrootDirectory /path/to catalogue/user1

Match User user2
  ChrootDirectory /path/to catalogue/user2
USER # ssh

Also, you can have to change the port because we will run the SFTP-server separately from the SSH service. So edit the following line:

Port 2222

Create a systemD service in /etc/systemd/system/sshvirtual.system

[Unit]
Description=OpenBSD Secure Shell server for lue
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run  

[Service]
ExecStartPre=/usr/sbin/sshd -f /etc/ssh/sshd_vhost_config -t
ExecStart=/usr/sbin/sshd -D -f /etc/ssh/sshd_vhost_config
ExecReload=/usr/sbin/sshd -f /etc/ssh/sshd_vhost_config -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure 

[Install]
WantedBy=multi-user.target
Alias=sftp-sshd.service

You would also like to have it start when the system starts:

systemctl daemon-reload; systemctl enable sshvirtual; systemctl start sshvirtual

And now, you are able to connect to the SSH server on port 2222.