Thursday, March 29, 2012

Redhat/CentOS/Fedora Linux: How to Setup Chroot SSH/SFTP

Follow the steps below to set up chrooted SSH/SFTP:

1) Create a group:

    groupadd sftpgroup

2) Create a user:

    useradd -g sftpgroup -d /home/mysftpuser -s /sbin/nologin mysftpuser

3) Open the /etc/ssh/sshd_config file and comment out the following line:

   #Subsystem      sftp    /usr/libexec/openssh/sftp-server

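4) Add the following lines to /etc/ssh/sshd_config. Placed at the top level of the file (outside any Match block), ChrootDirectory applies to every account that logs in, not only to members of sftpgroup: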

    Subsystem      sftp    internal-sftp
    ChrootDirectory /home/%u

5) Save and exit the /etc/ssh/sshd_config file.

6) Restart the sshd service.

7) Try to log in from the server or a client machine:


    [nginx_test:main.LINUX5 ~]# sftp mysftp@127.0.0.1
    Connecting to 127.0.0.1...
    mysftp@127.0.0.1's password:
    sftp>

    sftp> pwd
    Remote working directory: /



That's it!
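sshd checks at session start that every component of the ChrootDirectory path is a root-owned directory not writable by group or others, and refuses the login otherwise; a home directory created by useradd in step 2 is normally owned by the user, so it is worth verifying before step 7. The script below is an added example, not part of the original post, that walks the path and reports each component. The function names and the script file name are made up for illustration, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (coreutils).

# component_ok DIR [OWNER_UID]: succeed when DIR is a directory owned by
# OWNER_UID (default 0 = root) and not writable by group or others.
component_ok() {
    dir=$1 want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    uid=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $uid, expected $want_uid"; return 1
    fi
    # 022 (octal) = group-write | other-write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable"; return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# chroot_path_ok PATH [OWNER_UID]: apply component_ok to / and to every
# directory on the way down to PATH, reporting all failures.
chroot_path_ok() {
    target=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: cannot resolve directory"; return 1; }
    want=${2:-0} rc=0 cur=
    component_ok / "$want" || rc=1
    rest=${target#/}
    while [ -n "$rest" ]; do
        cur="$cur/${rest%%/*}"
        component_ok "$cur" "$want" || rc=1
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
    return $rc
}

# Usage (hypothetical file name): sh check_chroot.sh /home/mysftpuser
[ $# -eq 0 ] || chroot_path_ok "$@"
```

Run it as root against the directory that /home/%u expands to for the account; any FAIL line names the component whose owner or mode sshd will reject.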

2 comments:

  1. That's sftp only, not ssh.

    1. I concur. Restricting a SFTP-only user works well, but we also need the capability to "jail" specific users with shell access via SSH. On the same system.
