A cookbook to provision an SFTP server which a collection of chroot jailed users. Primarily aimed at situations where end users need simple, but limited, SCP/SFTP access to provide data (e.g., automated importing).
- Ubuntu 12.04
| Key | Type | Description | Default |
|---|---|---|---|
['openssh']['server']['port'] |
Array | Ports OpenSSH listens on | %w(22 43827) |
['openssh']['server']['permit_root_login'] |
String | Allow remote root logins | 'no' |
['openssh']['server']['password_authentication'] |
String | Allow password logins | 'yes' |
['openssh']['server']['subsystem'] |
String | Set a subsystem for OpenSSH | 'sftp /usr/lib/sftp-server' |
['openssh']['server']['match'] |
Hash | Provide a match config for OpenSSH | see below |
set['openssh']['server']['match'] = {
'Group uploadonly' => {
'chroot_directory' => '%h',
'force_command' => 'internal-sftp',
'allow_tcp_forwarding' => 'no'
}
}Include et_upload in your node's run_list:
{
"run_list": [
"recipe[et_upload::default]"
]
}For testing purposes, the users upload data bag item exists. The password for each user is password, salted & encrypted to best resemble a real password & allow for logging in via SFTP to do manual testing of SFTP functionality.
- Fork the repository on Github
- Create a named feature branch (i.e.
add-new-recipe) - Write you change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request
Author:: EverTrue, Inc. (jeff@evertrue.com)