Pragma Systems Technical Forum

sftp access only; restrict users to their own folders; extensive logging

https://forums.pragmasys.com/Topic42.aspx

By johndavis - 9/1/2010 5:18:36 AM

Hello Pragma,

 

I am evaluating your Pragma FortressSSH software and need to configure the SFTP server in the following way:


1. Need to have SFTP connectivity (no shell access) for multiple users
2. Need to restrict the users to their own folders
3. Need to have extensive logging capability



Please provide detailed instructions on how to do this.

Thanks in advance for your help.


 

-John Davis

By Technical Support Group (TSG) - 9/1/2010 6:02:29 AM

Hi John,

Thanks for your interest in Pragma Systems software. Please follow the instructions below for Pragma FortressSSH SFTP configuration:

#1. Need to have SFTP connectivity (no shell access) for multiple users:

To turn off shell access (i.e. no ssh command line access), launch the "Local FortressSSH Configuration" dialog.
Under the "Access Control" option, de-select "Logon/Shell Access" and any other type of access that you would like to block. Make sure that "Allow SFTP Access" remains selected.


#2. Need to restrict the users to their own folders:

Launch the "Local FortressSSH Configuration" dialog. Under "SFTP Users", add all the users to whom you would like to provide sftp access. Then for each user that you added under "SFTP Users", select the user and then select the "virtual directory assignment" option. Click on the Add button and enter the Virtual Path (for example, "Test1Dir" - this name will be visible to the user). Under the File Path field, enter the path of the folder to which you would like to restrict the user (for example, C:\temp1). The user will neither be able to traverse the directories above this directory nor be able to view the actual path to this directory.

Example:
Test1 user added under "SFTP Users" with a virtual Path of "Test1Dir" mapped to "C:\Temp1" will be restricted to the "Temp1" folder and all of its sub folders. This user's root directory will be displayed as "Test1Dir", but the user will not know that "Test1Dir" is actually "C:\Temp1".

#3. Need to have extensive logging capability


To enable extensive sftp logging, launch the "Local FortressSSH Configuration" dialog and click on the "SFTP Users" option. Select the "Detailed" option under the "Logging" drop-down menu. In the field labeled "Directory for Log Files", provide the path to the directory where sftp log files will be created.

Additionally, enable extensive logging under the Logging option of Local FortressSSH Server Configuration by selecting all the necessary check boxes including "server operation logging" and setting the slider to the appropriate level. (The slider at "0" means no server operation logging will be generated. Therefore, the slider must be set at 1 or higher.)

Hope this helps. Feel free to email us at support@pragmasys.com or call us at 512-219-7270 if you have any questions.

Thank you,

Technical Support Group (TSG)
Pragma Systems, Inc.
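
The folder restriction described under #2, sketched as an added example (not Pragma's code and not part of the reply above): a resolver that maps the virtual path "Test1Dir" to "C:\Temp1" and refuses client paths that would leave it. The names `resolve` and `is_allowed` and the sample paths are assumptions; the check works on path strings only and does not follow links or junctions on disk.

```python
import ntpath  # Windows path rules, importable on any OS

# Constructed mapping taken from the Test1 example: user -> (virtual path, file path)
VIRTUAL_DIRS = {"Test1": ("Test1Dir", r"C:\Temp1")}


class AccessDenied(Exception):
    """Raised when a client path falls outside the user's assigned folder."""


def resolve(user, client_path):
    """Translate a client path such as /Test1Dir/sub/a.txt into a real path,
    refusing anything that would land outside the mapped folder."""
    if user not in VIRTUAL_DIRS:
        raise AccessDenied(f"{user}: no virtual directory assigned")
    vname, root = VIRTUAL_DIRS[user]
    root = ntpath.normpath(root)

    # Accept either slash style, then drop empty components.
    parts = [p for p in client_path.replace("\\", "/").split("/") if p]
    if not parts or parts[0].lower() != vname.lower():
        raise AccessDenied(f"{client_path}: not under /{vname}")
    # A colon could switch drives (D:) or name an alternate data stream.
    if any(":" in p for p in parts[1:]):
        raise AccessDenied(f"{client_path}: ':' not allowed")

    # Collapse "." and ".." before comparing against the root.
    real = ntpath.normpath(ntpath.join(root, *parts[1:]))
    r, c = ntpath.normcase(root), ntpath.normcase(real)
    # The trailing separator stops C:\Temp10 from matching C:\Temp1.
    if c != r and not c.startswith(r + "\\"):
        raise AccessDenied(f"{client_path}: escapes /{vname}")
    return real


def is_allowed(user, client_path):
    """True when resolve() accepts the path, False when it is refused."""
    try:
        resolve(user, client_path)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    for p in ("/Test1Dir/reports/q3.csv", "/Test1Dir/../Windows/win.ini",
              "/Test1Dir/../Temp10/x.txt", "/Test1Dir/D:/x"):
        print(p, "->", resolve("Test1", p) if is_allowed("Test1", p) else "DENIED")
```

The same four paths make a quick acceptance test against a configured server: the first should succeed and the other three should be refused and appear in the detailed SFTP log.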