Scponly
From ArchWiki
Contents |
Introduction
Scponly is a limited shell for allowing users scp/sftp access and only scp/sftp access to your box. Additionally, you can setup scponly to chroot the user into a particular directory increasing the level of security.
Installation
Prerequisites
This guide assumes that you have sshd installed, configured, and running.
Setup
Scponly resides in [community] and can be installed like any other package:
# pacman -Sy scponly
If you have a user already created, simply set the user's shell to scponly
# usermod -s /usr/bin/scponly username
That's it. Go ahead and test it using your favorite sftp client.
Adding a chroot jail
Note: The Arch package seems to be missing some files required for automating this process. The steps I following on a Debian box:
$ cd /usr/share/doc/scponly/setup_chroot # gunzip setup_chroot.sh.gz # chmod +x setup_chroot.sh # ./setup_chroot.sh