SSH – How do I restrict users to SFTP in OpenSSH on Windows Server?

I am working with OpenSSH downloaded from https://github.com/PowerShell/Win32-OpenSSH/releases.

My goal here is to set up an SSH server that allows SFTP file transfer without SSH access. According to the official documentation provided by OpenSSH, this should be supported on Windows since version 7.7 was released, and the restriction should be set up in sshd_config. I tried to play with this file for a while, but I wasn't able to restrict myself to only being able to access the subfolders. This is what I have added to my config file:

    Subsystem sftp sftp-server.exe
    ForceCommand internal-sftp
    ChrootDirectory c:\users\myusername
    AllowTcpForwarding no
    PermitTunnel no
    GatewayPorts no

Can anyone tell me why this is not working? Or can I not set up SFTP access only like this?

Another option would be to disable the SSH connection. How do I achieve that with OpenSSH in Windows?

Solution:

From Mika-n on the PowerShell-OpenSSH GitHub:

This works with the OpenSSH-Win64 8.1.x version, but you need to set the following sshd_config options (by default in the %PROGRAMDATA%\SSH folder on the Windows platform):

    ForceCommand internal-sftp
    Subsystem sftp sftp-server.exe -d "D:\MyDataRoot"
    ChrootDirectory D:\MyDataRoot
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
    AllowUsers sftpuser

So consider adding the subsystem line with -d to set the folder, or add -d to your ForceCommand entry.

Please note that you should also make sure the users have the correct filesystem permissions to keep them contained in a folder as well.
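
One way to check a config against the options listed in this answer, as an added example (not code from the original post or from the Win32-OpenSSH project): a small Python parser that resolves the sshd_config values that apply to one user and reports which of the SFTP-only settings are missing. The function names, the requirement that each option be set explicitly, and the limited `Match` handling are assumptions of this example.

```python
# Added example: option names come from the configs on this page; function names are mine.
MUST_BE_NO = ("allowtcpforwarding", "permittunnel", "allowagentforwarding", "x11forwarding")

def effective_settings(config_text, user):
    """First value per keyword wins; Match values override the global section.
    Simplification: only `Match User a[,b]` (exact names) and `Match all` apply."""
    global_opts, matched_opts = {}, {}
    target = global_opts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "match":
            crit = value.split()
            applies = [c.lower() for c in crit] == ["all"] or (
                len(crit) == 2 and crit[0].lower() == "user" and user in crit[1].split(","))
            target = matched_opts if applies else None
        elif target is not None:
            target.setdefault(keyword, value)
    return {**global_opts, **matched_opts}

def audit_sftp_only(config_text, user):
    """Return findings for `user`; an empty list means every check passed."""
    opts = effective_settings(config_text, user)
    force, subsystem = opts.get("forcecommand", ""), opts.get("subsystem", "")
    findings = []
    if force.split()[:1] != ["internal-sftp"]:
        findings.append("ForceCommand is not internal-sftp")
    if opts.get("chrootdirectory", "none").lower() == "none":
        findings.append("ChrootDirectory is not set")
    if "-d" not in force.split() and "-d" not in subsystem.split():
        findings.append("no -d start directory on Subsystem sftp or ForceCommand")
    findings += [f"{k} is not explicitly set to no" for k in MUST_BE_NO
                 if opts.get(k, "").lower() != "no"]
    return findings

# The configuration from the question, with path separators written out.
QUESTION_CONFIG = r"""
Subsystem sftp sftp-server.exe
ForceCommand internal-sftp
ChrootDirectory c:\users\myusername
AllowTcpForwarding no
PermitTunnel no
GatewayPorts no
"""
if __name__ == "__main__":
    print("\n".join(audit_sftp_only(QUESTION_CONFIG, "myusername")))
```

The audit only reads the config file; the filesystem permissions mentioned above still have to be checked separately on the chroot folder.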