SFTP configuration

I am at a loss. Trying to setup SFTP on our web server for a client. Although they do not require web services, I've created the site through ISPConfig (3.1.6 after following cluster setup using the manual) so they can access files via sftp only. I've created a shell user, assuming that's what's needed in this case, but I can gain access via either ftp or sftp. Once logged in, the user can browse to all directories and is not jailed to their home directory.

Is there any documentation specific to sftp? I've read numerous posts regarding problems but cannot find any posts or docs specific to sftp. How can the user be locked down to only their directory? When setting up the user, I specified Jailkit for the Chroot Shell, although it doesn't make a difference whether JailKit or None are selected. Also need to lock this down to sftp only and not allow standard ftp.

TIA,
Rob

 

Create an FTP User...

 

Sorry, I read FTPS. Both are always confusing...
But from a security point of view they are comparable and FTPS is much easier to setup.

 

I understand and realize that FTPS is much easier to deal with - we use it for all other clients. However, this client specifically requires SFTP and cannot utilize FTPS.

I've gone through the forums again and not finding much help on how to configure sftp users to lock them down. Should they be created as a shell user in ISPConfig? How do you prevent them from using standard ftp? The sftp user can access all folders, add or delete files/folders at the root (or any other) directory level.

I'm completely baffled!

 

till gave you the answer... you need a jailed ssh user and to allow him to login you need to copy the sftp stub into the jail.