I need to create users only to allow SFTP access. At this time, "Chroot Shell" is set to "Jailkit" but the user can navigate backwards from the home folders, almost anywhere. At least I would like to avoid this. Thank you for your help.
Then the jail is not initiated correctly. You can check that in /etc/passwd. As fasr as I know, you can not even use sftp in a jail in ispconfig, so if the jail would be there, then not sftp login is possible. In general, I recommend that you use ftps and not sftp. ftps is FTP over a secure TLS encrypted connection which runs over the FTP daemon so that it can benefit from the virtual ftp jails while sftp is a ssh protocol and needs full ssh jails.
Thank you Till, please can you tell me what I have to check/correct in /etc/passwd? FTPS users are configured as shell users or ftp users in ISPConfig 3? Thanks again.
Check the shell of the shell users in /etc/passwd. If its /bin/bash, then they are not jailed. if the shell is something like jk_chrootsh, then the users are jailed. FTPS users are configured as FTP users in ispconfig.
in /etc/passwd there is: web9:x:5011:5006::/var/www/clients/client2/web9/./home/web9:/bin/false user9:x:5011:5006::/var/www/clients/client2/web9/./home/user9:/usr/sbin/jk_chrootsh while in ISPConfig: user9 Chroot Shel=Jailkit Options: Web Username=web9 Web Group=client2 Shell=/bin/bash Dir=/var/www/clients/client2/web9 the only oddity seems the web9 user's shell /bin/false in /etc/password /bin/bash in ISPconfig
Yes it works. The strange thing is that now also works with the old configuration. It seems that the configurations take effect several minutes after being executed.
It takes about one minute until the configuration is applied. You can see in the jobqueue of the ispconfig monitor when a job has been executed.
