Below is basically the code for the Apache MINA server. It works great. When I connect with WinSCP, I'm restricted to the directory and cannot go back, which is good. On the other hand, when I connect with an SSH terminal, I am able to go back and forward through directories, which I do not want to happen.
I do know that this line is what restricts the user for WinSCP:

    sshd.setFileSystemFactory(
            (FileSystemFactory) new VirtualFileSystemFactory(new File("C:/my apps").toPath()));

JAR versions used (realized there are large differences between releases):
- mina-core-2.0.7
- sshd-core-1.7.0
- slf4j-api-1.7.25
- slf4j-jdk-1.7.25

    SshServer sshd = SshServer.setUpDefaultServer();
    sshd.setPort(8080);
    // Host key is generated on first start and stored in hostkey.ser
    sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider(new File("hostkey.ser")));
    sshd.setUserAuthFactories(userAuthFactories);
    sshd.setCommandFactory(new ScpCommandFactory());
    sshd.setSubsystemFactories(sftpCommandFactory);
    // Interactive shell: spawns a real cmd process on the server
    sshd.setShellFactory(new ProcessShellFactory(new String[] { "cmd" }));
    // "/bin/bash", "-i", "-l"
    // Virtual file system root used for file transfers (SFTP/SCP)
    sshd.setFileSystemFactory(
            (FileSystemFactory) new VirtualFileSystemFactory(new File("C:/my apps").toPath()));
    sshd.setPasswordAuthenticator(new PasswordAuthenticator() {
        @Override
        public boolean authenticate(String username, String password, ServerSession session) {
            if ((username.equals("username")) && (password.equals("password"))) {
                return true;
            }
            return false;
        }
    });
    sshd.start();
    // Keep the JVM alive after start() returns (busy-waits)
    while (true);

I was wondering if anyone has come across this and has done it within Java since I cannot find anything in the API.
You would have to implement a completely new shell (in your case a replacement for cmd) to chroot the user in the shell too. That's hardly possible.

There are ready-made tools for chrooting a shell on *nix systems. But it seems that your server runs on Windows (cmd). I do not think there are any tools for chrooting on Windows. And I cannot even imagine it's possible.

But why don't you just set the user's permissions in a way that allows the logged-in user to roam only into the folders that you want him/her to?
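
Why the two clients behave differently, as an added example (not from the original post and not Apache MINA SSHD's own code): file-transfer requests go through the configured file system, which maps every client path under the root, while the shell started by ProcessShellFactory is an ordinary OS process that never sees that mapping. `RootedPathDemo` and `resolveConfined` are hypothetical names, the sample requests are constructed, and the check is lexical only, so it does not resolve symlinks.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayDeque;
import java.util.Deque;

// Added illustration (not Apache MINA SSHD source): a simplified model of how a
// rooted virtual file system keeps SFTP/SCP paths under one directory.
public class RootedPathDemo {
    // Same directory the question passes to VirtualFileSystemFactory.
    static final Path ROOT = Paths.get("C:/my apps").toAbsolutePath().normalize();

    // Hypothetical helper: maps a client path ("/" means ROOT) to a real path.
    static Path resolveConfined(String clientPath) {
        Deque<String> segments = new ArrayDeque<>();
        for (String part : clientPath.replace('\\', '/').split("/")) {
            if (part.isEmpty() || part.equals(".")) {
                continue;                 // skip empty and "." segments
            }
            if (part.equals("..")) {
                segments.pollLast();      // clamp at the virtual root, never climb above it
                continue;
            }
            segments.addLast(part);
        }
        Path real = ROOT;
        for (String s : segments) {
            real = real.resolve(s);
        }
        real = real.normalize();
        // Defense in depth: a segment such as a drive designator must not re-root the path.
        if (!real.startsWith(ROOT)) {
            throw new SecurityException("path escapes root: " + clientPath);
        }
        return real;
    }

    public static void main(String[] args) {
        // Constructed sample requests, as a file-transfer client might send them.
        String[] requests = {
            "/reports/q1.txt", "/../../Windows/System32", "..\\..\\secret.txt", "/a/./b/../c" };
        for (String r : requests) {
            System.out.println(r + " -> " + resolveConfined(r));
        }
        // A shell from ProcessShellFactory is a separate OS process: its "cd .."
        // is handled by cmd itself and never passes through a mapping like this.
    }
}
```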