Seamless SFTP tunneling / jump box - with chroot
Continuing a question from here: seamless-sftp-tunneling-jump-box, where I asked how to tunnel an SFTP connection from a single jumpbox to machines in an internal network.
I have successfully managed to tunnel an SFTP connection with a matching rule on a jumpbox using
ForceCommand ssh -i /home/someuser/.ssh/id_rsa someuser@some_other_server $SSH_ORIGINAL_COMMAND
This was working great for regular SFTP with Subsystem sftp /usr/lib/openssh/sftp-server in the sshd_config file on the internal machines.
BUT now I try to use chroot for my users on the internal machines, which forces me to use Subsystem sftp internal-sftp, and this results in a "connection closed" message when attempting to connect via the jump-box machine.
SFTP from the jump-box directly to the internal machine works as expected, so I know my chroot configuration is good.
Internal machine sshd_config:
Subsystem sftp internal-sftp
Match Group sftp-users
    X11Forwarding no
    AllowTcpForwarding no
    PermitTTY no
    ForceCommand internal-sftp
    ChrootDirectory %h
My user is part of the sftp-users group.
sshd_config of the jump-box machine:
Subsystem sftp /usr/lib/openssh/sftp-server
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
UseDNS yes
Match User sftpuser
    ForceCommand ssh -i /home/sftpuser/.ssh/global-rsa sftpuser@internal-machine $SSH_ORIGINAL_COMMAND
ssh ssh-tunneling openssh sftp
asked 2 mins ago
Itai Malek
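An added example, not from the question or its author: a wrapper that could replace the jump box's bare `ssh ... $SSH_ORIGINAL_COMMAND` ForceCommand so that only the SFTP subsystem is relayed to the internal machine and every other request is refused and logged. Host name, user and key path are taken from the question's config; the install path /usr/local/bin/sftp-forward and the pinned known_hosts file are assumptions.

```shell
#!/bin/sh
# Added example: ForceCommand wrapper for the jump box that relays only the SFTP
# subsystem. Install path and known_hosts path are assumptions; host, user and
# key path come from the question's sshd_config. Use in sshd_config as:
#
#   Match User sftpuser
#       ForceCommand /usr/local/bin/sftp-forward

INTERNAL_HOST="internal-machine"
INTERNAL_USER="sftpuser"
JUMP_KEY="/home/sftpuser/.ssh/global-rsa"
KNOWN_HOSTS="/home/sftpuser/.ssh/known_hosts"   # assumed: pinned internal host key
SFTP_SERVER="/usr/lib/openssh/sftp-server"      # the jump box's own Subsystem line

# sshd hands a ForceCommand the client's original request in SSH_ORIGINAL_COMMAND.
# For an sftp subsystem request that value is the command configured on the jump
# box's "Subsystem sftp ..." line; anything else is a shell or exec request.
is_sftp_request() {
    case "$1" in
        sftp|internal-sftp|"$SFTP_SERVER") return 0 ;;
        *) return 1 ;;
    esac
}

# Relay by requesting the internal sshd's sftp subsystem explicitly (-s), so its
# own Subsystem/ForceCommand (internal-sftp inside the chroot) serves it. No
# client-supplied text is passed as a remote command, BatchMode=yes stops ssh
# from hanging on a prompt (there is no TTY), and the host key must already be
# present in the pinned known_hosts file.
relay_sftp() {
    set -- -i "$JUMP_KEY" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o "UserKnownHostsFile=$KNOWN_HOSTS" -s "$INTERNAL_USER@$INTERNAL_HOST" sftp
    exec ssh "$@"
}

main() {
    if ! is_sftp_request "${SSH_ORIGINAL_COMMAND:-}"; then
        logger -p auth.warning -t sftp-forward \
            "refused request from ${SSH_CLIENT%% *}: '${SSH_ORIGINAL_COMMAND:-<shell>}'"
        echo "This account is restricted to SFTP." >&2
        exit 1
    fi
    relay_sftp
}

# Only act when installed under the expected name; sourcing the file for tests
# defines the functions without touching ssh.
case "$0" in */sftp-forward) main ;; esac
```

Because the wrapper always sends `-s sftp`, the internal machine's `Match Group sftp-users` block decides what runs there, which keeps the chroot policy in one place.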