Privilege "User - System: Copy files to home directory (chrooted scp)"
-
Good day,
We are trying to enable a user to connect to pfsense via SFTP (or SCP) and copy a file FROM their home directory.
In 2.3+, there is a user privilege "User - System: Copy files to home directory (chrooted scp)". However, assigning this by itself and connecting doesn't work; in the System log the following appears:
Dec 3 17:40:19 scponly 67159 failed: /usr/libexec/sftp-server with error No such file or directory(2) (username: testuser(2000), IP/port: xxx.xxx.xxx.xxx 50690 22)
Ok, so in the privilege there is a cryptic reference to the following:
Warning: Manual chroot setup required, see /usr/local/etc/rc.d/scponlyc
I opened the file, but it doesn't explain how to do this chroot setup.
I found the following information regarding all this:
Add the following lines to /etc/rc.conf to enable scponly:
scponlyc_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable scponly
scponlyc_shells (str): Set to "/etc/shells" by default.
scponlyc_passwd (str): Set to "/etc/passwd" by default.
To setup chroot cage, run the following commands:
1) cd /usr/local/share/examples/scponly/ && /bin/sh setup_chroot.sh
2) Set scponlyc_enable="YES" in /etc/rc.conf
3) Run /usr/local/etc/rc.d/scponly start
So my question is whether
a) This is the right way to grant SFTP/SCP read-only access to the home directory and
b) Whether there is a better way.
Any help would be appreciated.
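The three setup steps above, turned into a pre-flight check you can run before testing a login (an added example, not from this thread or from pfSense). It assumes the cage under the user's home mirrors the host layout, so that scponlyc execs usr/libexec/sftp-server and usr/bin/scp relative to the cage, which is what the "No such file or directory(2)" log line above points at when they are absent; verify the exact paths against what setup_chroot.sh created on your box.

```shell
#!/bin/sh
# Pre-flight check for an scponly chroot cage on pfSense/FreeBSD.
# Assumption of this example: the cage mirrors the host layout, so the
# binaries scponlyc needs live at usr/libexec/sftp-server and usr/bin/scp
# *inside* the cage. Confirm against setup_chroot.sh before relying on it.

# check_scponly_cage CAGE_DIR RC_CONF
# Exit status 0 when everything needed is present; prints each problem found.
check_scponly_cage() {
    cage=$1
    rcconf=$2
    status=0
    for bin in usr/libexec/sftp-server usr/bin/scp; do
        if [ ! -x "$cage/$bin" ]; then
            echo "cage $cage: missing /$bin (scponlyc would log 'No such file or directory')"
            status=1
        fi
    done
    # Step 2 of the setup: the rc script only runs when scponlyc_enable="YES".
    if ! grep -q '^scponlyc_enable="YES"' "$rcconf" 2>/dev/null; then
        echo "$rcconf: scponlyc_enable=\"YES\" not set"
        status=1
    fi
    return $status
}

# Constructed demo: build a minimal fake cage in a temp dir and check it.
# Stub scripts stand in for the binaries here; on a real system it is
# setup_chroot.sh that populates the cage with the real programs.
demo_cage=$(mktemp -d)
mkdir -p "$demo_cage/usr/libexec" "$demo_cage/usr/bin"
printf '#!/bin/sh\n' > "$demo_cage/usr/libexec/sftp-server"
printf '#!/bin/sh\n' > "$demo_cage/usr/bin/scp"
chmod 755 "$demo_cage/usr/libexec/sftp-server" "$demo_cage/usr/bin/scp"
printf 'scponlyc_enable="YES"\n' > "$demo_cage/rc.conf"

if check_scponly_cage "$demo_cage" "$demo_cage/rc.conf"; then
    echo "cage OK"
else
    echo "cage incomplete"
fi
rm -rf "$demo_cage"
```

On a real system run it as `check_scponly_cage /home/testuser /etc/rc.conf` after sourcing the script; an empty home directory reproduces the error from the log.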
-
@namezero111111 now in 2023 I wanna know too... I have the same questions... any advances?
-
What exactly are you trying to do?
-
@stephenw10
https://forum.netgate.com/topic/181276/add-user-and-enable-chroot-ssh-scp-access
-
FYI, here are the results of my investigation
https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp/6
any improvements (and I wish there are) are welcome!