Confirmed users
502
edits
Security/Guidelines/OpenSSH: Difference between revisions
Automated sync from https://github.com/mozilla/wikimo_opsec
(Automated sync from https://github.com/mozilla/wikimo_opsec) |
Gdestuynder (talk | contribs) (Automated sync from https://github.com/mozilla/wikimo_opsec) |
||
| Line 257: | Line 257: | ||
* Disable sftp if not needed as it exposes more surface and different logging mechanisms than SSH (and thus scp) itself. | * Disable sftp if not needed as it exposes more surface and different logging mechanisms than SSH (and thus scp) itself. | ||
{{note| | |||
You may want to use the group "users" instead of "sftpusers" in the example below as this may already exist and include all regular users by | |||
default. | |||
}} | |||
<source code="bash"> | |||
# groupadd sftpusers | |||
# usermod -a -g sftpusers <userthat_needs_ftp> | |||
# chown :sftpusers /usr/lib/ssh/sftp-server | |||
# chmod 0750 /usr/lib/ssh/sftp-server | |||
</source> | </source> | ||