vsftpd: access SFTP on local user without shell access with specific directory

Question

I'm trying to configure vsftpd on my vps in order to access SFTP from Transmit/FileZilla. I've opted for SFTP and the OpenSSL is configured, but I can't seem to manage to add a new user only for FTP-accessing and restrict it for the /home directory only.

Thus, the /home is where I keep my WWW server files and I want a new user to have full access to that directory (chroot).

vsftpd is now capable of allowing the root user to access ftp, but I want to restrict that only for a specific username to allow SFTP accessing.

Some info from vsftpd.conf:

anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 chroot_local_user=YES chroot_list_file=/etc/vsftpd/chroot_list local_root=/home ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO rsa_cert_file=/etc/vsftpd/vsftpd.pem 

chroot_list was the file where I added my user "max" to access FTP, but I've removed the user after multiple times where I tried to have it accessing the SFTP.

vsftpd allows a new user to login, but fails when inserting the password. root is ok.

Also, is there any changes to allow specific IP-address to access SFTP?

Thank you.

Answer 1

Sorry but it looks like you are confusing the protocols. I.e. SFTP and FTPS. SFTP is for SSH FTPS is used for and by the FTP server.

If you really want to lock the user down. Add /usr/sbin/nologin /etc/shells (this will stop SSH access) Add your user 'max' to /etc/vsftpd/chroot_list

Configure your filezilla to use FTPS

Answer 2

To get sftp chroot working you could forget about vsftpd and just configure openssh to do that - http://www.techrepublic.com/blog/opensource/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/229