SFTP without chroot

Today I needed to configure an sftp server as a replacement for the standard ftpd. I was shocked as almost any documentation can be found via Google. But it’s rather simple, so here’s what I’ve done on AIX:

Install openssh (have a look at the IBM LinuxToolbox: http://www-1.ibm.com/servers/aix/products/aixos/linux/download.html); sftp should be activated by default. Check /etc/ssh/sshd_config for the line

Now you have to configure sftp-server as login-command:

  • add /usr/sbin/sftp-server as an allowed login shell to /etc/security/login.cfg
  • assign sftp-server as login-command to the sftp-user
    • via smit: look for Initial PROGRAM
    • manually: edit /etc/passwd, so the sftp-user's line looks like
      sftp-user:!:1010:1010:mailto.sftp@localhost:/home/sftp:/usr/sbin/sftp-server
  • If you changed the sshd_config, restart the sshd-subsystem:

    stopsrc -s sshd
    startsrc -s sshd

That’s it! The sftp-user should be able to log in via sftp, like sftp sftp-user@localhost, and end up in its home-directory with no shell, just sftp.
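
To confirm both halves of the setup above (the login program in /etc/passwd and the allowed-shells entry in /etc/security/login.cfg), here is an added check script that is not part of the original post. The function names, the `shelluser` entry and the sample `usw:` stanza are constructed for illustration, and the script assumes login.cfg keeps its `shells =` list on one comma-separated line.

```sh
#!/bin/sh
# Added example: audit the sftp-only setup described above.
SFTP_SERVER=/usr/sbin/sftp-server   # path used in the post

# Print the login program (7th passwd field) of user $1 from file $2.
login_program() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' "$2"
}

# Succeed if program $1 appears in a "shells = a,b,c" line of file $2.
# Assumption: login.cfg keeps the list on one comma-separated line.
shell_allowed() {
    awk -v s="$1" '
        /^[ \t]*shells[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            n = split($0, a, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (a[i] == s) ok = 1
        }
        END { exit !ok }' "$2"
}

# Return 0 if user $1 is sftp-only, 1 if misconfigured, 2 if unknown.
check_sftp_only() {
    prog=$(login_program "$1" "$2") || { echo "$1: no such user"; return 2; }
    [ "$prog" = "$SFTP_SERVER" ] || { echo "$1: login program is '$prog'"; return 1; }
    shell_allowed "$SFTP_SERVER" "$3" || { echo "$SFTP_SERVER not in shells list"; return 1; }
    echo "$1: sftp-only"
}

# Write constructed sample files into directory $1 for an offline run.
make_sample() {
    cat > "$1/passwd" <<'EOF'
sftp-user:!:1010:1010:mailto.sftp@localhost:/home/sftp:/usr/sbin/sftp-server
shelluser:!:1011:1011::/home/shelluser:/usr/bin/ksh
EOF
    cat > "$1/login.cfg" <<'EOF'
usw:
        shells = /bin/sh,/bin/ksh,/usr/bin/ksh,/usr/sbin/sftp-server
        maxlogins = 32767
EOF
}

# With three arguments check real files, e.g.
#   sh check.sh sftp-user /etc/passwd /etc/security/login.cfg
if [ $# -eq 3 ]; then check_sftp_only "$@"; fi
```

Because this setup has no chroot, a passing check only confirms the account gets no shell; the files it can reach over sftp are still governed by ordinary file permissions.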