nephosolutions.sftp_server

SFTP-Server

This Ansible role sets up an OpenSSH server that provides restricted (chrooted) SFTP access. It changes only the parts of the OpenSSH configuration it needs and adds its own settings separately, so existing custom configuration is left undisturbed.

Requirements

Make sure scp_if_ssh is set to True in the ssh_connection section of your ansible.cfg. Ansible uses SFTP for file transfers by default, and because this role restricts access to the SFTP subsystem, Ansible's own transfers may stop working once the role has been applied. SCP is unaffected and will still work. Example configuration:

; ansible.cfg
...
[ssh_connection]
scp_if_ssh=True

The only requirement is Ansible itself. It has been tested with Ansible versions 2.0.2.0, 2.2.2.0, and 2.3.0.0, and works on Ubuntu versions 14.04 and 16.04. Support for RHEL is in progress, but not officially supported yet.

Role Variables

Here are the key variables you can set:

  • sftp_home_partition: Partition under which users' home directories are created. Default is "/home".
  • sftp_group_name: Name of the Unix group that all SFTP users belong to. Default is "sftpusers".
  • sftp_directories: List of directories created automatically for every SFTP user. Default is an empty list.
    • Entries can be plain strings or dictionaries with a name and (optionally) a mode.
  • sftp_start_directory: The directory in which new SFTP sessions start. Disabled by default.
  • sftp_allow_passwords: Allows password authentication for SFTP. Default is False.
  • sftp_enable_selinux_support: Enables SELinux support. Default is False.
  • sftp_enable_logging: Enables logging of SFTP activity. Default is False. Logs are written to /var/log/sftp/.
  • sftp_users: A list of users who need SFTP access. Each user can have:
    • name: Username.
    • group: Optional; used when setting the home directory permissions.
    • password: Password hash for the user's login.
    • shell: Whether the user gets a login shell (default is True). Users without one are given sftp_nologin_shell.
    • authorized: List of files containing public keys authorized for the user.
    • sftp_directories: List of directories created only for this user. Default is an empty list.
    • append: If True, sftp_group_name is added to the user's groups instead of replacing them.
    • mode: Permissions of the home directory. Default is 0750.
    • skeleton: Optional skeleton directory for the home directory structure (default uses the system defaults).
    • home: Optional explicit home directory.
  • sftp_nologin_shell: The shell assigned to users without login access. Default is /sbin/nologin.

Example Playbook

Here is a simple example of a playbook using this role:

---
- name: Test SFTP server setup
  hosts: all
  become: yes
  become_user: root
  vars:
    sftp_users:
      - name: peter
        password: "$1$salty$li5TXAa2G6oxHTDkqx3Dz/" # passpass
        shell: False
        sftp_directories:
        - directory_only_for_peter1
        - directory_only_for_peter2
      - name: sally
        password: ""
        authorized: [sally.pub]
        home: /var/tmp/sally
        append: True
    sftp_directories:
      - imports
      - exports
      - { name: public, mode: 755 }
      - other
  roles:
    - sftp-server
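As an added illustration of how the variables and defaults above combine (this is not the role's own code), the following Python normalizes the example playbook's vars and flags two misconfigurations a reviewer would want caught before the play runs: a home mode that OpenSSH's ChrootDirectory would refuse (a rule of OpenSSH, not stated on this page) and a user left with no usable credential while sftp_allow_passwords stays False.

```python
import stat

# Role defaults from the Role Variables section; the sample vars are the example playbook above.
DEFAULTS = {"sftp_home_partition": "/home", "sftp_group_name": "sftpusers",
            "sftp_nologin_shell": "/sbin/nologin", "sftp_allow_passwords": False,
            "sftp_directories": [], "sftp_users": []}

EXAMPLE_VARS = {
    "sftp_directories": ["imports", "exports", {"name": "public", "mode": 755}, "other"],
    "sftp_users": [
        {"name": "peter", "password": "$1$salty$li5TXAa2G6oxHTDkqx3Dz/", "shell": False,
         "sftp_directories": ["directory_only_for_peter1", "directory_only_for_peter2"]},
        {"name": "sally", "password": "", "authorized": ["sally.pub"],
         "home": "/var/tmp/sally", "append": True},
    ],
}


def dir_name(entry):
    """sftp_directories entries are plain strings or dicts with a name and optional mode."""
    return entry if isinstance(entry, str) else entry["name"]


def plan_user(user, cfg):
    """Effective settings for one sftp_users entry, with the role defaults filled in."""
    # A mode may arrive as "0750", "750" or a bare int; read its digits as octal in every case.
    mode = int(str(user.get("mode", "0750")), 8)
    return {
        "name": user["name"],
        "home": user.get("home") or f"{cfg['sftp_home_partition']}/{user['name']}",
        "mode": mode,
        "shell": None if user.get("shell", True) else cfg["sftp_nologin_shell"],  # None: system default
        "append": bool(user.get("append", False)),
        "directories": [dir_name(d) for d in cfg["sftp_directories"] + user.get("sftp_directories", [])],
    }


def check_users(vars_):
    """Return (plans, warnings) for a set of role variables merged over the defaults."""
    cfg = {**DEFAULTS, **vars_}
    plans, warnings = [], []
    for user in cfg["sftp_users"]:
        p = plan_user(user, cfg)
        plans.append(p)
        # OpenSSH ChrootDirectory refuses a chroot target that is writable by group or others.
        if p["mode"] & (stat.S_IWGRP | stat.S_IWOTH):
            warnings.append(f"{p['name']}: home mode {p['mode']:04o} is group/other writable; chroot login fails")
        # With sftp_allow_passwords False, a user without authorized keys cannot authenticate at all.
        if not cfg["sftp_allow_passwords"] and not user.get("authorized"):
            warnings.append(f"{p['name']}: password auth disabled and no authorized keys configured")
    return plans, warnings


if __name__ == "__main__":
    plans, warnings = check_users(EXAMPLE_VARS)
    print(*plans, *warnings, sep="\n")
```

Run against the example playbook it reports that peter, who has only a password hash, cannot log in unless sftp_allow_passwords is enabled or an authorized key is added.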

License

This Ansible role is licensed under the MIT License. For more details, check the LICENSE file.

Donations

Donations are appreciated and can be made to the following addresses:

  • BTC: 1AWHJcUBha35FnuuWat9urRW2FNc4ftztv
  • ETH: 0xAF1Aac4c40446F4C46e55614F14d9b32d712ECBc

About the project

Setup chrooted SFTP service on top of OpenSSH

Install
ansible-galaxy install nephosolutions.sftp_server
License
mit
Downloads
714
Owner
ICT Consultancy & Services – DevOps & Cloud Architects