Hello,

I'm trying to set up an sftp (sshfs) service accessible to users with
a normal account on a server, but which would be restricted to a
subset of the directory hierarchy normally accessible to the users in
question, in practice a single directory. The idea would be to allow
file access to this directory with a passwordless public key, but keep
the rest of the users' files accessible only with another, supposedly more
secure key.

I found a way to do this by running a separate sshd on a different
port with 'ChrootDirectory /some-dir' and 'ForceCommand internal-sftp'
configuration variables, but running two sshds is rather inelegant. Is
there a way to force this kind of configuration to only some keys? If
not, could the Match keyword be extended to match only certain keys,
or even better, could a 'chrootdir' option be added to the Authorized
keys format?

Teemu
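
The two-daemon workaround described in the message, written out as a configuration file for the second sshd. This is an added example, not part of the original post: only /some-dir, ChrootDirectory and ForceCommand internal-sftp come from the message, while the file names, the port and the separate key file are assumptions.

```conf
# /etc/ssh/sshd_config_sftp  (hypothetical file name)
# Run alongside the main daemon with: sshd -f /etc/ssh/sshd_config_sftp

Port 2222                          # assumed; any port the main sshd does not use
PidFile /var/run/sshd_sftp.pid     # assumed path; keeps the two PID files apart

# Accept public keys only, and read them from a file the main sshd never
# consults, so the passwordless key is valid on this port alone.
AuthenticationMethods publickey
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys_sftp   # hypothetical file name

# Confine every session to the single directory and to SFTP.
# sshd refuses the login unless /some-dir and every directory above it
# are owned by root and not writable by group or others, so files the
# users should be able to write belong in a subdirectory they own.
ChrootDirectory /some-dir
ForceCommand internal-sftp

# Nothing but file transfer: no forwarding channels out of the chroot.
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
```

The main sshd keeps its default AuthorizedKeysFile, so the more secure key stays the only way to reach the rest of the account.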