I am having a bit of an issue and I believe I need some help. We have an on-prem SFTP server which will be deprecated soon, so in the meantime I need to set up another SFTP option in AWS running on EC2. I have looked at AWS Transfer Family, but the older ciphers and keys are not accepted on AWS Transfer Family.
Anyway, I have the need for two users to use this SFTP server for automated backups. One is an access control system and the other one is Cisco switches which use the SCP command from the Cisco CLI to back up.
I have a group on Ubuntu 20.04 called 'sftp' which has both users and from WinSCP it appears to work without issue. It will log the user into their '/home/%u' directory which they are able to write to.
Match Group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -d /%u
Now when I attempt to run the SCP command from Cisco I get the following error:
%This service allows sftp connections only.
%Error writing scp://*****@10.2.100.34//backups/b1sw007.cfg.test.20230228 (Permission denied)
I have done some reading into this and I think the ForceCommand is setting it to 'internal-sftp' which is causing this issue. The question is how do I remove that ForceCommand without breaking it for the other user. I 'think' if I remove the ForceCommand it will allow Cisco to use SCP?
Please let me know if you have any questions.
Thanks
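As an added example (not the poster's configuration and not OpenSSH code), the script below re-implements the precedence rules documented in sshd_config(5) for a small subset of the grammar, so you can see which `ForceCommand` and `ChrootDirectory` each account actually ends up with before touching the live server. The sample config embeds the `Match Group sftp` block from the question inside a constructed global section and a hypothetical `Match User auditor` block; the user names `switch01`, `accesscontrol`, `auditor` and `admin` and their group memberships are assumptions. Only the `User` and `Group` criteria are supported, and `*`/`?` wildcards are approximated with `fnmatch`. On a real host, `sshd -T -C user=NAME` prints the authoritative answer; this resolver is a way to reason about the file offline.

```python
"""Resolve the effective value of an sshd_config keyword for one user.

Precedence rules modelled (from sshd_config(5)):
  * outside any Match block, the first value seen for a keyword wins;
  * among Match blocks that apply to the connection, the first one (in
    file order) that sets a keyword wins, and it overrides the global value;
  * a Match line holds criterion/pattern-list pairs that must all hold;
    pattern lists are comma-separated, '!' negates a pattern.
"""
import fnmatch
import shlex

# Constructed sample: the question's Match Group block plus an assumed
# global section and an assumed Match User block placed before it.
SAMPLE_CONFIG = """
Subsystem sftp internal-sftp
PasswordAuthentication no

Match User auditor
    PasswordAuthentication yes

Match Group sftp
    ChrootDirectory /home
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp -d /%u
"""


def match_pattern_list(value, patterns):
    """Mirror OpenSSH's match_pattern_list(): 1 = a positive pattern matched,
    -1 = a negated pattern matched (vetoes the whole list), 0 = no match."""
    matched = 0
    for pat in patterns.split(","):
        negated = pat.startswith("!")
        if negated:
            pat = pat[1:]
        if fnmatch.fnmatchcase(value, pat):
            if negated:
                return -1
            matched = 1
    return matched


def group_list_matches(groups, patterns):
    """Mirror ga_match_pattern_list(): any group may satisfy the list, but a
    negated match on any group rejects the block outright."""
    found = False
    for group in groups:
        result = match_pattern_list(group, patterns)
        if result == -1:
            return False
        if result == 1:
            found = True
    return found


def block_matches(criteria, user, groups):
    """Every criterion/pattern pair on the Match line must hold."""
    words = shlex.split(criteria)
    if len(words) % 2:
        raise ValueError(f"malformed Match line: {criteria!r}")
    for key, patterns in zip(words[::2], words[1::2]):
        key = key.lower()
        if key == "user":
            if match_pattern_list(user, patterns) != 1:
                return False
        elif key == "group":
            if not group_list_matches(groups, patterns):
                return False
        else:
            raise ValueError(f"unsupported Match criterion: {key}")
    return True


def parse_config(text):
    """Return (global_settings, match_blocks), both in file order.
    Simplification: only 'Keyword value' lines, no 'Keyword=value' form."""
    global_settings = []   # [(keyword, value), ...]
    blocks = []            # [(criteria, [(keyword, value), ...]), ...]
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, value = (line.split(None, 1) + [""])[:2]
        if keyword.lower() == "match":
            blocks.append((value, []))
            current = blocks[-1][1]
        else:
            current.append((keyword, value))
    return global_settings, blocks


def expand_tokens(value, user):
    """Expand %u (and %%), which ForceCommand and ChrootDirectory accept."""
    return value.replace("%%", "\0").replace("%u", user).replace("\0", "%")


def effective(text, keyword, user, groups=()):
    """Effective value of `keyword` for `user`, or None if never set."""
    global_settings, blocks = parse_config(text)
    wanted = keyword.lower()
    for criteria, settings in blocks:          # first matching block wins
        if block_matches(criteria, user, list(groups)):
            for key, value in settings:
                if key.lower() == wanted:
                    return expand_tokens(value, user)
    for key, value in global_settings:         # fall back to the global value
        if key.lower() == wanted:
            return expand_tokens(value, user)
    return None


if __name__ == "__main__":
    # Assumed accounts: both backup users sit in group 'sftp'.
    for user, groups in (("accesscontrol", ["sftp"]), ("switch01", ["sftp"]),
                         ("admin", ["sudo"])):
        print(user, "ForceCommand =", effective(SAMPLE_CONFIG, "ForceCommand", user, groups),
              "| ChrootDirectory =", effective(SAMPLE_CONFIG, "ChrootDirectory", user, groups))
```

Running it shows that every member of `sftp` gets `ForceCommand internal-sftp -d /<user>`, which is exactly why the switch's `scp` request is answered with "This service allows sftp connections only." The check worth keeping when the configuration changes is the pairing of the two keywords per account: an account that keeps `ChrootDirectory` but loses `ForceCommand` needs the binaries it will run (a shell, `scp`) to exist inside the chroot, and an account that loses both gets an unrestricted login on the host.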