OpenSSH SFTP with Chroot, how to change password
I have setup up ssh with chrooted directory where users only can use sftp and access a directory and all is child folders. The only problem I have is that I need to let the users change their password somehow after I have created the user.
I have been searching for a reliable web interface where they can sign in with they can change their password but haven't managed to find anyone. Do you have any idea of how I can let them do that with any excising solution?
I would switch to use SSH key pairs and forgo password authentication altogether.
It's more secure (you can disable password authentication in sshd_config
and enjoy having a drastic reduction in brute force attempts in your auth.log
) because they can create their own passphrase and if they forget that, they can just create a new key pair and simply email you their public key to append to their user's authorized_keys
file.
PuttyGen is very easy to use, Mac and Linux users have ssh-keygen
built-in and is essentially two commands to generate the key and output it with cat
or whatever so that they can copy/paste (or you could wrap up in a simple bash script or Cocoa or whatever for them).
EDIT
If your users have very little computer knowledge, I don't even think an FTP Server is going to fly. You should move to a Web-based file management system. Pick your scripting language/platform of choice: there are dozens of them out there. PHPfileNavigator's solid, for example.
If for some reason you're stuck with FTP, reset their password for them and send it to them out-of-band (phone call or SMS) or email if the risk/content privacy is low.