CHROOT: SETUP CHROOT JAIL FOR SFTP USERS

CHROOT: In order to chroot a user to a particular folder, follow the procedure below.

# make changes to the sshd_config file

# so that SFTP users belong to the group sftpuser and each user's chroot directory is /sftp/home/[username]


1) vi /etc/ssh/sshd_config
# comment out this line
#Subsystem sftp /usr/libexec/openssh/sftp-server
# add this line
Subsystem sftp internal-sftp
# the following lines chroot the users; a Match block applies to every directive
# after it, so keep it at the end of the file. %u expands to the login name.
Match Group sftpuser
ChrootDirectory /sftp/home/%u
ForceCommand internal-sftp
AllowTcpForwarding no

2) groupadd sftpuser
3) useradd -g sftpuser -d /upload -M -s /sbin/nologin velocityuser
# -d /upload is the home directory as seen from inside the chroot (it maps to
# /sftp/home/velocityuser/upload on the host), so it is created by hand in step 6
# rather than with -m. /sbin/nologin is the RHEL/CentOS path; Debian/Ubuntu use
# /usr/sbin/nologin.

4) passwd velocityuser
enter the new password when prompted

5) mkdir -p /sftp/home/velocityuser/

6) mkdir /sftp/home/velocityuser/upload

7) chown velocityuser:sftpuser /sftp/home/velocityuser/upload

8) ls -ld /sftp/home/velocityuser/upload
# make sure the owner and group of upload are velocityuser and sftpuser
9) ls -ld /sftp/home/velocityuser
# make sure the owner and group of velocityuser are root and root, and that the
# directory is not writable by group or others (sshd refuses the chroot otherwise)
10) ls -ld /sftp/home
# make sure the owner and group of home are root and root, and not group/other writable
11) ls -ld /sftp
# make sure the owner and group of sftp are root and root, and not group/other writable

12) service sshd restart
# running sshd -t first reports syntax errors in sshd_config before the restart


# from the client
13) sftp velocityuser@sftpserveripaddress
enter the password when prompted

sftp> pwd
remote working directory: /upload

sftp> cd /etc (this should fail: /etc is outside the chroot)

sftp> ls (should show the contents of /sftp/home/velocityuser/upload)
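An added check script, not from the original post, that automates the verification in steps 9-11: it walks every path component of the chroot directory and confirms the ownership and mode rules sshd enforces before it will chroot a login. It assumes a Linux host with GNU stat; the function name check_chroot_path, the BASE/OWNER_UID parameters and the temporary tree in demo are my own construction so the script can run unprivileged.

```shell
#!/bin/sh
# Checks the rules sshd enforces on ChrootDirectory (steps 9-11): every path
# component must be owned by root (uid 0) and must not be writable by group or
# others, or sshd refuses the login with "bad ownership or modes for chroot
# directory". Requires GNU stat (Linux).
#
# check_chroot_path DIR [BASE] [OWNER_UID]
#   DIR        chroot directory, e.g. /sftp/home/velocityuser
#   BASE       topmost component to check (default /, which is what sshd checks;
#              the demo passes a temp dir so it runs without root)
#   OWNER_UID  required owner of every component (default 0 = root)
# Returns 0 if all components pass, 1 otherwise; findings go to stderr.
check_chroot_path() {
    dir=${1%/}; [ -n "$dir" ] || dir=/
    base=${2:-/}; base=${base%/}; [ -n "$base" ] || base=/
    owner=${3:-0}
    rc=0
    p=$dir
    while :; do
        if [ ! -d "$p" ]; then
            echo "missing directory: $p" >&2
            return 1
        fi
        uid=$(stat -c '%u' "$p")
        mode=$(stat -c '%a' "$p")
        if [ "$uid" != "$owner" ]; then
            echo "bad owner on $p: uid $uid, expected $owner" >&2
            rc=1
        fi
        # 022 masks the group-write and other-write bits; either one is fatal
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad mode on $p: $mode (writable by group or others)" >&2
            rc=1
        fi
        [ "$p" != "$base" ] && [ "$p" != "/" ] || break
        p=$(dirname "$p")
    done
    return $rc
}
# Demo on a constructed tree mirroring the page's layout (not the real /sftp).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/sftp/home/velocityuser/upload"
    chmod 755 "$tmp" "$tmp/sftp" "$tmp/sftp/home" "$tmp/sftp/home/velocityuser"
    check_chroot_path "$tmp/sftp/home/velocityuser" "$tmp" "$(id -u)" && echo "chroot path OK"
    rm -rf "$tmp"
}
demo
```

On the real server run `check_chroot_path /sftp/home/velocityuser` as root, which checks every component up to / just as sshd does.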

