I set up scponly to let some of my users, for whom I host websites, use sftp/scp to transfer files to the server while denying them a login with a fully functional shell. After configuring scponly to chroot to the user's home directory and running some initial tests, it worked very well with Transmit on the Mac, FileZilla on Windows and PuTTY/Terminal. The only thing that didn’t work was using Dreamweaver in SFTP mode to connect to the server.
After a bit of digging around, Herbert and I found out that Dreamweaver will only communicate with the SSH server if you change the config in /etc/ssh/sshd_config from the Debian standard, which refuses “tunneled clear text passwords”, to permitting them.
# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication yes
After a quick /etc/init.d/ssh restart, Dreamweaver was able to log in as well 🙂
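Set at the top level of sshd_config, PasswordAuthentication yes applies to every account on the server, not only the scponly users. The check below is an added example, not part of the original post: it reports whether a config enables password logins globally or only inside Match blocks. The group name scponly in the sample is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): classify where an sshd_config
# enables password logins. Assumes whitespace-separated "Keyword value" lines
# and does not follow Include directives.
#   global      - enabled for every account (also the OpenSSH default when unset)
#   match-only  - disabled globally, enabled inside at least one Match block
#   off         - disabled everywhere
password_auth_scope() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        { key = tolower($1); val = tolower($2) }
        key == "match" { in_match = 1; next }   # a Match block runs to the next Match or EOF
        key != "passwordauthentication" { next }
        in_match { if (val == "yes") scoped = 1; next }
        !seen    { seen = 1; gval = val }       # sshd keeps the first global value
        END {
            if (!seen || gval == "yes") print "global"
            else if (scoped)            print "match-only"
            else                        print "off"
        }
    ' "$1"
}

# Constructed sample: password logins limited to a hypothetical "scponly" group.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
PasswordAuthentication no
Match Group scponly
    PasswordAuthentication yes
EOF
echo "sample config: $(password_auth_scope "$sample")"
rm -f "$sample"
```

On a running server, sshd -T prints the effective configuration after defaults are applied.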
To set up chroot for scponly on a Debian system, do the following:
- unzip the chroot script in /usr/share/doc/scponly/setup_chroot
- chmod +x setup_chroot.sh
- ./setup_chroot.sh
- type in the user you want to have scponly access
- accept the default for home directory
- type in the directory to be user writeable (in my case “www”)
- choose a password
- optional: compile the groups.c file in /usr/share/doc/scponly (gcc -o groups groups.c) and move it into the chroot (mv groups /home/user/bin/)
…simple as that 🙂