Secure file transfer

I have seen some old topics here about this question, and I just wonder whether it has been made simple to create a secure file server with NethServer.
I was thinking SFTP with chrooted jail environment and fail2ban.

I just wonder whether that still needs a template and script, or is it easier now with the GUI?

You still need a custom template for the chroot jail.

Fail2ban already blocks bad SSH logins and there’s also 2FA for SSH for additional security.

Ahh OK, then I am going to see what I can do :slight_smile:
Thanks

Hi again
I found this, which looked simple:
SFTP chroot howto - Howto - NethServer Community

but I have not got it to work.
I have created a user and a group in the GUI, and the user can log in to SFTP but is not in a chroot jail.

I think it has something to do with how to connect the template to the group.

NethServer has a local LDAP that has a user and a group (called chrooted), but I am not sure how to connect the group from LDAP to the template.

I have tried both “chrooted@mydomain.se” and “chrooted@sftp.mydomain.se”, and even just “chrooted”.

There’s an error in the howto.

To apply the configuration and write the config files for sshd

signal-event nethserver-openssh-save

is needed instead of

signal-event nethserver-sssd-save

You may check if /etc/ssh/sshd_config contains the needed line for chroot:

ChrootDirectory /var/lib/nethserver/home/

Thanks, now it works :slight_smile:
The only thing, and I’m not sure if it can be done, is that the script has now made it so they can’t go outside the home folder and they can’t access each other’s folders, but they can see the names of other people’s home folders. Is it possible to make them stay inside their own home folders?

I tried to add
/var/lib/nethserver/home/%u
but then I can’t access SFTP

Yes, the home folders need to be owned by root to make chroot work.

This should work for the home folders:

ChrootDirectory %h

If I use %h I can’t log in at all.
It just says error and I have to look in the log.
But it is OK, as long as it works I’m happy :slight_smile:

Did you change the owner of the user folder?

chown root: /var/lib/nethserver/home/user

Yes I did, and now the user has no access to its own home folders.

Sorry, you need to set permissions too:

chmod 755 /var/lib/nethserver/home/user

Source:


OK, I have read it, but 755 lets a user access his and his friends’ home folders :slight_smile:
That they can see the names of other people’s home folders is OK.


Thanks for correcting that @mrmarkuz. @cazz I’m happy my howto could help someone else.
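
Added example, not part of any post in this thread: sshd refuses a `ChrootDirectory` unless every directory on the path to it is owned by root and not writable by group or others, which is why the `chown root:` and `chmod 755` steps above matter. This shell sketch checks that rule for a given directory; it assumes GNU `stat` and `readlink -f`, and the function names are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat and readlink -f.
# Function names are hypothetical, chosen for this illustration.

# check_component DIR [UID]
# Succeeds if DIR is a directory owned by UID (default 0 = root) and is
# not writable by group or others.
check_component() {
    comp=$1
    want_uid=${2:-0}
    if [ ! -d "$comp" ]; then
        echo "FAIL $comp: not a directory" >&2
        return 1
    fi
    uid=$(stat -c %u "$comp")
    mode=$(stat -c %a "$comp")      # octal permission bits, e.g. 755
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $comp: owner uid $uid, expected $want_uid" >&2
        return 1
    fi
    # 022 = group-write | other-write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $comp: mode $mode is group- or world-writable" >&2
        return 1
    fi
    echo "ok   $comp (uid $uid, mode $mode)"
}

# check_chroot_path DIR [UID]
# Applies check_component to DIR and to every parent directory up to /.
check_chroot_path() {
    dir=$(readlink -f "$1") || return 1
    rc=0
    while :; do
        check_component "$dir" "${2:-0}" || rc=1
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Example: sh check.sh /var/lib/nethserver/home/user
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

With `ChrootDirectory %h` the user's own home directory is the last component checked, so it cannot be writable by that user; uploads then need a user-owned subdirectory inside it.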