I want to create a user for my Ubuntu server. I will use this user to copy some files from the server to my local computer, so permissions should be really limited. This user can only reach the /some/path directory on the server and read files. Nothing more.
To achieve this, I've created a user:
sudo useradd scp_user -M -d /some/path
sudo groupadd scp_group
sudo usermod scp_user -g scp_group
sudo usermod scp_user -s /bin/false # disable ssh login
sudo chown -R scp_user:scp_group /some/path
And in my ssh config file:
Match Group scp_group
ChrootDirectory %h
#ForceCommand scp
AllowTcpForwarding no
But getting an error:
scp scp_user@IP:/some/path/test.zip test.zip
scp_user@IP's password:
Could not chdir to home directory /some/path: No such file or directory
/bin/false: No such file or directory
Can you please tell me which step I'm missing?
In your question there are various flaws, as already pointed out by others:
- ChrootDirectory jails your user in his home directory
- /bin/false executable (nor /bin/scp that would be needed for the scp itself).

You can either:
- scp binary and its required dynamically loaded libraries into the chroot (user's home directory)
- /bin/bash or /bin/sh
- bash or sh binary and its required dynamically loaded libraries into the chroot (user's home directory)

Or just use sftp:
- Subsystem sftp internal-sftp (and possibly ForceCommand internal-sftp) in the sshd_config
- sshd server

You might also encounter some problems with permissions (read the errors in the server log!).
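
One permission problem of that kind: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, which the chown -R scp_user:scp_group /some/path step in the question breaks. The shell check below is an added example, not part of the original answer; check_dir and check_chroot_path are hypothetical helper names, and the optional UID argument exists only so the check can be tried without root.

```shell
#!/bin/sh
# Added example (not from the original answer): audit a ChrootDirectory path.
# check_dir DIR [UID]: succeed if DIR is a directory owned by UID
# (default 0 = root) and has no group/other write bit.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    bad=0
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    # ls -ldn prints e.g. "drwxr-xr-x 2 0 0 4096 Jan  1 00:00 /some/path"
    read -r mode links uid rest <<EOF
$(ls -ldn "$dir")
EOF
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        bad=1
    fi
    case $mode in
        ?????w*|????????w*)   # 6th char = group write, 9th = other write
            echo "FAIL $dir: group/other writable ($mode)"
            bad=1 ;;
    esac
    return $bad
}

# check_chroot_path PATH [UID]: apply check_dir to PATH and every parent
# up to /, reporting all failures instead of stopping at the first.
check_chroot_path() {
    p=$1
    rc=0
    case $p in
        /*) ;;
        *) echo "FAIL $p: path must be absolute"; return 2 ;;
    esac
    while :; do
        check_dir "$p" "${2:-0}" || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /some/path   (file name is a placeholder)
if [ $# -gt 0 ]; then check_chroot_path "$@"; fi
```

No output and exit status 0 mean the path meets the ownership and mode rule; the files the user should read can then live in the chroot or a subdirectory with whatever read permissions they need.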