On Thu, 17 Jan 2019 Corinna Vinschen wrote:
> > Is the sshd disabled user account still required?
>
> No, actually it isn't.  These days the sshd server checks if the
> privsep chroot environment should be used and that the process
> is started under "root:root".  This never matches under Cygwin so
> we could drop the sshd user requirement.

So I was exploring using the ChrootDirectory setting in sshd_config to configure a user as sftp only. The following seems to work:

1) Run sshd service as SYSTEM
2) Specify SYSTEM as user 0 in /etc/passwd file; e.g.:

     SYSTEM:*:0:18:U-NT AUTHORITY\SYSTEM,S-1-5-18:/var/empty:/bin/false

3) Create a local sshd user account
4) Update sshd_config settings to use something such as:

     Match User sftponly
         ChrootDirectory /home/%u
         ForceCommand internal-sftp

This works. If the sshd account is missing or disabled, I can't connect using the sftponly user, so it would seem that the sshd account really is required.

I have three questions:

a) Why is it necessary to specify SYSTEM as user number 0 in the /etc/passwd file?
b) Why is the sshd account required?
c) Why are /cygdrive and /dev directories visible when connecting using an sftp client?

Thanks!
Bill
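
An added example, not part of the original message and not OpenSSH code: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, so a setup like the Match block above can be checked before sshd rejects the login. The function names and the `start` and `owner_uid` parameters are assumptions made for this sketch, and the config text is a constructed sample.

```python
import os
import stat

# Constructed sample mirroring the Match block quoted in the post.
SAMPLE_CONFIG = """\
Match User sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
"""

def match_user_settings(config_text, user):
    """Keywords from 'Match User' blocks naming `user` (plain names, no patterns)."""
    settings, active = {}, False
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            crit = value.split()
            active = (len(crit) == 2 and crit[0].lower() == "user"
                      and user in crit[1].split(","))
        elif active:
            settings.setdefault(key, value)  # sshd uses the first value obtained
    return settings

def expand_chroot(value, user):
    """Expand the %u and %% tokens of ChrootDirectory (%h and %U not handled)."""
    return value.replace("%%", "\0").replace("%u", user).replace("\0", "%")

def chroot_path_problems(path, owner_uid=0, start=os.sep):
    """Check `start` and every directory below it down to `path`.
    `start`/`owner_uid` are hypothetical knobs for staging trees; sshd uses / and uid 0."""
    problems = []
    rel = os.path.relpath(path, start)
    current = start
    for comp in [""] + ([] if rel == "." else rel.split(os.sep)):
        current = os.path.normpath(os.path.join(current, comp))
        st = os.stat(current)
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{current}: not a directory")
        if st.st_uid != owner_uid:
            problems.append(f"{current}: owned by uid {st.st_uid}, not {owner_uid}")
        if st.st_mode & 0o022:
            problems.append(f"{current}: writable by group or others")
    return problems

if __name__ == "__main__":
    cfg = match_user_settings(SAMPLE_CONFIG, "sftponly")
    print(expand_chroot(cfg["chrootdirectory"], "sftponly"))
```

An empty list from `chroot_path_problems` means the path passes the documented ownership and mode requirements; it says nothing about the account or privilege-separation questions raised in the message.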