Enable SFTP subsystem in SSH configuration

Kristan Kenney · Kristan Kenney · commit 2b2f68c237e4 · 2019-06-13T17:31:04.000-03:00
diff --git a/install/hst-install-debian.sh b/install/hst-install-debian.sh
@@ -891,13 +891,20 @@ rm -f /usr/sbin/policy-rc.d
 # Enable SSH password authentication
 sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config
 
+# Enable SFTP subsystem for SSH
+sftp_subsys_enabled=$(grep "#Subsystem sftp-server" /etc/ssh/sshd_config)
+if [ ! -z "$sftp_subsys_enabled" ]; then
+    echo "(*) Updating SFTP subsystem configuration..."
+    sed -i "s/#Subsystem sftp-server/Subsystem sftp internal-sftp/gI" /etc/ssh/sshd_config
+fi
+
 # Disable SSH suffix broadcast
 if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then
     echo '' >> /etc/ssh/sshd_config
     echo 'DebianBanner no' >> /etc/ssh/sshd_config
-    service ssh restart
 fi
 
+# Restart SSH daemon
 service ssh restart
 
 # Disable AWStats cron
diff --git a/install/hst-install-ubuntu.sh b/install/hst-install-ubuntu.sh
@@ -865,13 +865,22 @@ rm -f /usr/sbin/policy-rc.d
 # Enable SSH password authentication
 sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config
 
+# Enable SFTP subsystem for SSH
+sftp_subsys_enabled=$(grep "#Subsystem sftp-server" /etc/ssh/sshd_config)
+if [ ! -z "$sftp_subsys_enabled" ]; then
+    echo "(*) Updating SFTP subsystem configuration..."
+    sed -i "s/#Subsystem sftp-server/Subsystem sftp internal-sftp/gI" /etc/ssh/sshd_config
+fi
+
 # Disable SSH suffix broadcast
 if [ -z "$(grep "^DebianBanner no" /etc/ssh/sshd_config)" ]; then
     echo '' >> /etc/ssh/sshd_config
     echo 'DebianBanner no' >> /etc/ssh/sshd_config
-    service ssh restart
 fi
 
+# Restart SSH daemon
+service ssh restart
+
 # Disable AWStats cron
 rm -f /etc/cron.d/awstats
 
diff --git a/install/upgrade/0.10.0-190430.sh b/install/upgrade/0.10.0-190430.sh
@@ -344,6 +344,14 @@ fi
 # Run sftp jail once
 $HESTIA/bin/v-add-sys-sftp-jail
 
+# Enable SFTP subsystem for SSH
+sftp_subsys_enabled=$(cat /etc/ssh/sshd_config | grep "#Subsystem sftp-server")
+if [ ! -z "$sftp_subsys_enabled" ]; then
+    echo "(*) Updating SFTP subsystem configuration..."
+    sed -i "s/#Subsystem sftp-server/Subsystem sftp internal-sftp/gI" /etc/ssh/sshd_config
+    service ssh restart
+fi
+
 # Remove and migrate obsolete object keys
 for user in `ls /usr/local/hestia/data/users/`; do
     USER_DATA=$HESTIA/data/users/$user
