Configures sftp access with chroot and no shell access for users
- misc ›
This charm provides a simple sftp server via openssh. The users are restricted to sftp (no shell) access and a chroot is setup. Configured directories are then mounted into the chroot for the user so their access is limited to only the specified folders.
This charm doesn't currently have any interfaces and deployment is fairly straight forward.
juju deploy sftp-server
After deployment configure the server for users and mounts.
Scale out Usage
No current allowance for scale out usage, if you want to run this behind HAProxy for tcp load balancing, that's probably fairly easy to add contact the charm author to discuss use cases.
Known Limitations and Issues
The mount points are only allowed to be used one time each in fstab, meaning a source location can not be mounted into multiple chroot environments. This is actually a limitation of the charmhelpers library but if you have a use case for it, fixing in charmhelpers would remove the limitation.
The sftp-config option follows the following format
After the ';' you repeat the pattern for additional users.
Upstream Project Name
- Code: https://github.com/chris-sanders/layer-sftp-server
- Bug tracking: https://github.com/chris-sanders/layer-sftp-server/issues
- Contact information: firstname.lastname@example.org
- (boolean) Attempt to chown to the user after mounting into the chroot
- (string) user,path:name,path:name;user,path:name,path:name
- (boolean) Allow password authentication
- (string) Comma separated list of groups to create. User accounts will not be created
- (string) Comma separated list of users to create. Groups with the same name will be created.
- (string) Ensure the provided groups, comma separated, have the GID specified after '='. e.g. ubuntu=1000,storage=1001
- (string) Ensure the users provided, comma separated, are members of the provided groups, colon separated, following '='. e.g. ubuntu=sudo:wheel,storage=storage,sudo
- (string) Ensure the provided users, comma separated, have the UID specified after '='. e.g. ubuntu=1000,storage=1001