Tuesday 28 November 2017

Enable SFTP Without Shell Access on CentOS 7

# SFTP runs over SSH, so the OpenSSH server is all that is needed. vsftpd is a
# plain FTP daemon and plays no part in SFTP, so it is not installed here.
yum -y install openssh-server
systemctl start sshd.service
systemctl enable sshd.service
useradd dinesh
passwd dinesh
# The chroot target and every directory above it must be owned by root and must
# not be writable by group or others, otherwise sshd refuses the login.
mkdir -p /var/sftp/uploads
chown root:root /var/sftp
chmod 755 /var/sftp
# The user owns only the writable subdirectory inside the chroot.
chown dinesh:dinesh /var/sftp/uploads

######### Restricting Access to One Directory #########

### In this step, we'll modify the SSH server configuration to refuse terminal access for dinesh while still allowing file transfer.

### Open the SSH server configuration file with vim or your favourite text editor:

vim /etc/ssh/sshd_config

### Scroll to the very bottom of the file and append the following snippet. Everything that follows a Match line applies only to that match, so the block has to be the last thing in the file:

Match User dinesh
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /var/sftp
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no


### Check the configuration syntax before restarting (a broken sshd_config locks you out), then confirm that a normal SSH login is now refused:

sshd -t && systemctl restart sshd
ssh dinesh@localhost

### After the password is accepted the connection is closed with "This service allows sftp connections only." instead of a shell prompt.


###### Verifying the Configuration #######


### Next, verify that the user can still log in over SFTP for file transfer:

sftp dinesh@localhost

### This time the login succeeds and you are dropped into an interactive prompt:

Connected to localhost.
sftp>

### List the directory contents with ls at the prompt:

sftp> ls

### The listing shows only the uploads directory created in the previous step and returns you to the sftp> prompt. To the user, /var/sftp appears as /:

uploads

### To verify that the user is confined to this directory and cannot reach anything above it, try changing into the parent directory:

sftp> cd ..

### The command does not error, but listing the directory again shows the same single entry: /var/sftp is the root of the user's chroot, so there is no parent directory to move into.

### You have now verified that the restricted configuration works as intended. The dinesh user can reach the server only over the SFTP protocol for file transfer and has no shell access. If the SFTP login fails instead, check /var/log/secure: sshd logs "bad ownership or modes for chroot directory" when /var/sftp or one of its parent directories is not owned by root or is writable by group or others.


By:- L!nx_r00t
