SFTP Backup User | wiki bubu IT

Tags

Overview

User backup is used for secure remote backups via SFTP only.
Access is restricted to a chroot jail.
No shell access is allowed.

Login Details

Host: dioxi.ddns.net
Port: 22
Username: backup
Protocol: SFTP
Remote directory after login: /data

Directory Structure

/mnt/data/backup → chroot jail (owned by root)
/mnt/data/backup/data → writable upload directory (owned by backup)

Permissions

/mnt/data/backup
- Owner: root:root
- Mode: 755
/mnt/data/backup/data
- Owner: backup:backup
- Mode: 700

SSHD Configuration

The following block is added to /etc/ssh/sshd_config:

Match User backup
    ChrootDirectory /mnt/data/backup
    ForceCommand internal-sftp
    AllowTCPForwarding no
    X11Forwarding no

Password Delivery

Passwords are provided using SnapPass (https://github.com/pinterest/snappass).
SnapPass links are single-use and expire after being opened once.
If the link has expired, request a new one.

Usage

Command-line:

sftp backup@dioxi.ddns.net
cd data
put backup.tar.gz

FileZilla or similar GUI:

Protocol: SFTP
Host: dioxi.ddns.net
Port: 22
Username: backup
Password: [via SnapPass]
Remote path: /data

Log in or register to post comments