IP restriction not working for SFTP user
Posted: 2020/01/08 14:20:07
I am configuring an SFTP user with IP restriction in CentOS 7. Below is my configuration in the sshd_config file.
Subsystem sftp internal-sftp -l INFO
Match User ravi Address X.X.X.X/32
PasswordAuthentication yes
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
With the above configuration, the jail and the IP address restriction were not working as expected. After logging into the SFTP account, it showed the present working directory as /home/ravi instead of /, and we were able to log in from the restricted IP address. Please refer to the 'before_match_all.png' file for reference.
To fix the jail issue, I added a "Match All" condition to the sshd_config file; after that, the jail started working as expected (/). Please refer to the 'after_match_all.png' file for reference.
Can anyone tell me how to restrict the SFTP users on an IP basis in CentOS 7?
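Added example, not part of the original post: a simplified Python model of how sshd selects Match blocks, run on a trimmed copy of the post's configuration with a constructed documentation address in place of X.X.X.X. It shows that a "Match User ... Address ..." block applies its settings only when both criteria hold and does not by itself refuse connections from other addresses; the function names and sample addresses are assumptions of this example.

```python
import ipaddress
# Constructed sample: the post's config (trimmed), X.X.X.X replaced by a documentation address.
SAMPLE = """\
Subsystem sftp internal-sftp -l INFO
Match User ravi Address 203.0.113.10/32
PasswordAuthentication yes
ChrootDirectory %h
ForceCommand internal-sftp
"""

def parse(text):
    """Return [(criteria, settings)]; the global section comes first with criteria None."""
    blocks = [(None, {})]
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            words = value.split()
            crit = {} if words[0].lower() == "all" else {
                words[i].lower(): words[i + 1] for i in range(0, len(words) - 1, 2)}
            blocks.append((crit, {}))
        else:
            blocks[-1][1].setdefault(key, value)  # first value obtained wins
    return blocks

def applies(crit, user, addr):
    """All criteria on a Match line must hold. Simplified: exact user names, CIDR addresses."""
    for name, pattern in crit.items():
        items = pattern.split(",")
        if name == "user":
            ok = user in items
        elif name == "address":
            ip = ipaddress.ip_address(addr)
            ok = any(ip in ipaddress.ip_network(p, strict=False) for p in items)
        else:
            raise ValueError(f"criterion not modelled: {name}")
        if not ok:
            return False
    return True

def effective(text, user, addr):
    """Settings in force for one connection: matching Match blocks override the global section."""
    blocks, result = parse(text), {}
    for crit, settings in blocks[1:] + blocks[:1]:
        if crit is None or applies(crit, user, addr):
            result = {**settings, **result}  # values already set take precedence
    return result
```

On a real host, `sshd -T -C user=ravi,host=<name>,addr=<ip>` prints the settings sshd itself resolves for a given connection.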