I need to run backups from multiple servers to a single account on another server. If one of the public servers is compromised, I don't want the other servers' files on the backup account compromised.

What I need to do is only allow SCP to a specific directory, based on the ssh key of the incoming connections.

I know that I can set the shell, and several options on a per key basis in the authorized_keys file. http://www.manpagez.com/man/8/sshd/ (Scroll down to "AuthorizedKeysFile")

What I don't know is how to set the internal-sftp command to only use a certain directory. I don't have root on the machine, so I can't do the normal internal-sftp + chroot.

+2  A: 

It doesn't work that way.

What you need to do is set up a mini chroot jail for each backup host. It just needs to be able to run sh and scp (/dev only needs /dev/null entry).

Use jailsh as the login shell for each account.

Jailsh is a suid-root login shell that sets chroot jail to the directory marked by two consecutive slashes, drops root privs, and execs /bin/sh.

Joshua
Unfortunately, I don't have root on the backup server. If I did I could easily make separate users for each backup server.
Daniel Von Fange
Then it's "build a custom shell" for you.
Joshua
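
One way to do the per-key restriction without root, added here as an example and not code from anyone in the thread: a forced-command wrapper set through the `command=` option in authorized_keys, which accepts only scp uploads with a relative target and runs them from that key's directory. The script name, the paths and the key line are hypothetical, and it assumes the client speaks the legacy scp protocol (`scp -O` on OpenSSH 9.0 and later).

```shell
#!/bin/sh
# Forced-command wrapper: one backup key may only upload (scp sink mode)
# into one directory. Constructed authorized_keys line (paths hypothetical):
#   restrict,command="/home/backup/bin/scp-only.sh /home/backup/hostA" ssh-ed25519 AAAA...placeholder hostA
LC_ALL=C; export LC_ALL

# Return 0 only if $1 is "scp [-r|-p|-d|-v]... -t <relative path>".
validate_scp_sink() {
    cmd=$1
    set -f                      # split into words without glob expansion
    set -- $cmd
    set +f
    [ "${1:-}" = scp ] || return 1
    shift
    sink=0
    while [ $# -gt 1 ]; do
        case $1 in
            -t) sink=1 ;;       # sink mode: the client is uploading
            -r|-p|-d|-v) ;;     # flags the scp client may add
            *) return 1 ;;      # includes -f (download) and anything else
        esac
        shift
    done
    [ "$sink" -eq 1 ] && [ $# -eq 1 ] || return 1
    case $1 in
        ''|/*|-*|*..*) return 1 ;;        # absolute, option-like, traversal
        *[!A-Za-z0-9_./-]*) return 1 ;;   # shell metacharacters and the like
    esac
    return 0
}

run_forced() {
    base=$1
    if ! validate_scp_sink "${SSH_ORIGINAL_COMMAND:-}"; then
        echo "rejected: only scp uploads below $base are allowed" >&2
        return 1
    fi
    cd "$base" || return 1      # relative targets now resolve under $base
    set -f
    exec $SSH_ORIGINAL_COMMAND  # validated words only; never eval or sh -c
}

# Run only when sshd invoked us as a forced command with the base directory.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ] && [ $# -eq 1 ]; then
    run_forced "$1"
fi
```

Each source server gets its own key line pointing at its own directory, and the directories should not contain symlinks that lead outside them.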