How to setup isolated sftp-only access for untrusted users

This is a very common scenario: you want to setup SSH access for an untrusted user, but strictly limit his capabilities to SFTP (or scp).

Usually the requirements are just two:

  • The user can only access your machine to run the SFTP command, no other uses of the SSH service will be allowed for this user
  • The user can only access a very restricted environment and not break outside of it (so he cannot access files that he’s not supposed to access)

Depending on the degree of untrustyness, you may also want to avoid DoS attacks on the service, but for this, the best measure is the hardening of the whole SSH service.

Continue reading “How to setup isolated sftp-only access for untrusted users”

Five essential Docker containers for your home server

Running a server in your home network is a great addition to your digital life. There are countless of uses that you can make of it: from testing your personal projects to controlling home automation systems. But even if it is just for storing your files, like your personal DropBox, or for media services, a permanent point of presence completely under your control will give you extreme flexibility.

When it comes to services, I run everything in Docker and this is a list of the 5 applications that I find most useful for a home server.

Continue reading “Five essential Docker containers for your home server”