I need to give access to a folder to a user who needs to work with WordPress sites over SFTP.
What I would like to do is to make sure that:
- He cannot run SSH, just SFTP
- He cannot see anything from the filesystem other than /home/userdir
From what I read this is exactly chrooting, however I have a few problems setting it up. I am on Debian 6 with Dropbear as SSH daemon.
A few questions:
1. Originally my sftp subsystem was set up like this in /etc/ssh/sshd_config:

    Subsystem sftp /usr/lib/openssh/sftp-server -u 0007

Now in most tutorials it says that I have to change it to:

    Subsystem sftp internal-sftp

Is this correct? Doesn't internal-sftp mean Dropbear in my case? Should I change to OpenSSH for chrooted SFTP accounts?
2. Some tutorials ask to disable the user's shell with usermod -s /bin/false someuser. However, when I do this, it disables SFTP as well. Is this normal?
3. Finally, tutorials usually note the following lines in the sshd_config for the actual chrooting, or something similar:

    Match group sftponly
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

However, this had no effect for me. Is this because I'm using Dropbear?
Can someone tell me which are the proper steps to restrict to SFTP-only + home directory only access on Debian 6?
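
The Match block quoted in the question, as an added example that is not part of the original post: a small Python check that parses sshd_config text and reports whether the SFTP-only block for a group sets the directives listed above. It assumes the file is the one read by OpenSSH's sshd and that each Match line has a single Group criterion; the names SAMPLE, REQUIRED, parse and audit are hypothetical.

```python
# Added example: audit OpenSSH sshd_config text for an SFTP-only chroot block.
# SAMPLE is constructed from the directives quoted in the question.
SAMPLE = """\
Subsystem sftp /usr/lib/openssh/sftp-server -u 0007
Match group sftponly
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
"""

# Directive (lowercased) -> expected value; None means any value is accepted.
REQUIRED = {
    "chrootdirectory": None,
    "forcecommand": "internal-sftp",
    "allowtcpforwarding": "no",
    "x11forwarding": "no",
}

def parse(text):
    """Return (global_directives, [(match_criteria_words, directives), ...])."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                      # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                          # a block runs to the next Match or EOF
            current = {}
            blocks.append((value.split(), current))
        else:
            # Keep the first value of a repeated keyword, as sshd does for most keywords.
            (global_opts if current is None else current).setdefault(key, value)
    return global_opts, blocks

def audit(text, group):
    """List problems with the SFTP-only block for `group` (empty list = none found)."""
    global_opts, blocks = parse(text)
    problems = []
    if not global_opts.get("subsystem", "").startswith("sftp"):
        problems.append("no 'Subsystem sftp' line outside a Match block")
    block = next((d for crit, d in blocks
                  if len(crit) == 2 and crit[0].lower() == "group" and crit[1] == group), None)
    if block is None:
        return problems + [f"no 'Match Group {group}' block"]
    for key, want in REQUIRED.items():
        got = block.get(key)
        if got is None or (want is not None and got.lower() != want):
            problems.append(f"{key}: expected {want or 'a path'}, got {got}")
    return problems
```

A clean result only says the directives are present in the text; it does not show which SSH daemon is listening or whether that daemon reads this file.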