summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2017-03-05 16:44:02 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2017-03-05 16:44:02 +0000
commita3988f29b528d8b2fe0fa38be4bbeee1ad246a0a (patch)
tree221169861669621a0c82c85ac0a522d238405b23
parentSetting DebianBanner to no in /etc/ssh/sshd_config. (diff)
downloadopenssh-a3988f29b528d8b2fe0fa38be4bbeee1ad246a0a.zip
openssh-a3988f29b528d8b2fe0fa38be4bbeee1ad246a0a.tar.xz
Adding sftp-only group configuration in /etc/ssh/sshd_config.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/patches/progress-linux/0030-sshd-config-sftp-only.patch23
-rw-r--r--debian/patches/series1
2 files changed, 24 insertions, 0 deletions
diff --git a/debian/patches/progress-linux/0030-sshd-config-sftp-only.patch b/debian/patches/progress-linux/0030-sshd-config-sftp-only.patch
new file mode 100644
index 0000000..c7007a0
--- /dev/null
+++ b/debian/patches/progress-linux/0030-sshd-config-sftp-only.patch
@@ -0,0 +1,23 @@
+Author: Daniel Baumann <daniel.baumann@progress-linux.org>
+Description: Adding sftp-only group configuration in /etc/ssh/sshd_config.
+
+diff -Naurp openssh.orig/sshd_config openssh/sshd_config
+--- openssh.orig/sshd_config
++++ openssh/sshd_config
+@@ -118,9 +118,10 @@ AcceptEnv LANG LC_*
+ # override default of no subsystems
+ Subsystem sftp /usr/lib/openssh/sftp-server
+
+-# Example of overriding settings on a per-user basis
+-#Match User anoncvs
+-# X11Forwarding no
+-# AllowTcpForwarding no
+-# PermitTTY no
+-# ForceCommand cvs server
++# Example of overriding settings on a per-group basis
++Match Group sftp-only
++ AuthorizedKeysFile /etc/ssh/authorized_keys/%u
++ ChrootDirectory /home
++ DisableForwarding yes
++ ForceCommand internal-sftp -d %u
++ PermitTTY no
diff --git a/debian/patches/series b/debian/patches/series
index cffdaa3..fc7dda8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -58,3 +58,4 @@ progress-linux/0026-sshd-config-authorizedkeysfile.patch
progress-linux/0027-sshd-config-passwordauthentication.patch
progress-linux/0028-sshd-config-usedns.patch
progress-linux/0029-sshd-config-debianbanner.patch
+progress-linux/0030-sshd-config-sftp-only.patch