A security administrator needs to address the following audit recommendations for a public-facing SFTP server:
- Users should be restricted to upload and download files to their own home directories only.
- Users should not be allowed to use interactive shell login.
Which of the following configuration parameters should be implemented? (Choose two.)
A. PermitTunnel
B. ChrootDirectory
C. PermitTTY
D. AllowTcpForwarding
E. IgnoreRhosts
Answer: BC
The audit recommendations require the implementation of two configuration parameters: (1) restricting users to their own home directories, and (2) disabling interactive shell login. The correct options are B and C, as explained below:
A. PermitTunnel: This configuration parameter is used to enable or disable the use of tunneling protocols (e.g. VPN) in SSH sessions. It is not relevant to the audit recommendations in this question.
B. ChrootDirectory: This configuration parameter specifies the directory that users are restricted to when they log in. It allows the administrator to create a "chroot jail," in which the specified directory becomes the root of the file system the user sees, isolating the user from the rest of the system. In this case, setting the ChrootDirectory parameter to the user's home directory will ensure that they can only upload and download files to their own directory.
C. PermitTTY: This configuration parameter controls whether SSH sessions are allowed to allocate a TTY (teletypewriter) device. Disabling this parameter will prevent users from using an interactive shell login. This is in line with the audit recommendation to disable interactive shell login.
D. AllowTcpForwarding: This configuration parameter allows or disallows TCP forwarding in SSH sessions. It is not relevant to the audit recommendations in this question.
E. IgnoreRhosts: This configuration parameter specifies whether SSH should ignore the .rhosts and .shosts files in the user's home directory. These files are used for host-based authentication, which is not relevant to the audit recommendations in this question.
In summary, the correct options are B (ChrootDirectory) and C (PermitTTY).
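One way to check a server against the two recommendations is sketched below as an added example, not part of the original question or of OpenSSH. It parses a constructed sample `sshd_config` and reports, per `Match` block, whether `ChrootDirectory` and `PermitTTY no` are in effect; the sample config, the group and user names, and the assumption that SFTP accounts are confined through `Match` blocks are all illustrative.

```python
import re

# Constructed sample sshd_config (not from a real server).
SAMPLE_CONFIG = """\
PermitTTY yes

Match Group sftpusers
    ChrootDirectory %h
    PermitTTY no

Match User backup
    ChrootDirectory /srv/sftp/%u
"""

# OpenSSH defaults for the two keywords the question is about.
DEFAULTS = {"chrootdirectory": "none", "permittty": "yes"}


def parse_blocks(text):
    """Split config text into [(criteria, {keyword: value})]; block 0 is global."""
    blocks = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            blocks.append((value, {}))
        else:
            # sshd uses the first value it sees for a keyword.
            blocks[-1][1].setdefault(key, value)
    return blocks


def audit(text):
    """Return {match_criteria: [findings]} for every Match block."""
    blocks = parse_blocks(text)
    report = {}
    for criteria, opts in blocks[1:]:
        # A Match block overrides the global section, which overrides defaults.
        eff = {**DEFAULTS, **blocks[0][1], **opts}
        findings = []
        if eff["chrootdirectory"].lower() == "none":
            findings.append("ChrootDirectory unset: file access is not confined")
        if eff["permittty"].lower() != "no":
            findings.append("PermitTTY is not 'no': a terminal can be allocated")
        report[criteria] = findings
    return report


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The checker does not model overlapping `Match` blocks. Note also that sshd requires the chroot directory to be owned by root and not writable by any other user or group, so that ownership needs checking on the server itself.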