Follow the steps below to set up chrooted SSH:
1) Create a group: groupadd sftpgroup
2) Create a user: useradd -g sftpgroup -d /home/mysftpuser -s /sbin/nologin mysftpuser
3) Open the /etc/ssh/sshd_config file and comment out the following line:
#Subsystem sftp /usr/libexec/openssh/sftp-server
4) Add the following lines to /etc/ssh/sshd_config:
Subsystem sftp internal-sftp
ChrootDirectory /home/%u
5) Save and exit the /etc/ssh/sshd_config file
6) Restart the sshd service
7) Try to log in from the server/client machine:
[nginx_test:main.LINUX5 ~]# sftp mysftp@127.0.0.1
Connecting to 127.0.0.1...
mysftp@127.0.0.1's password:
sftp>
sftp> pwd
Remote working directory: /
That's it!
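sshd only accepts a ChrootDirectory when every component of the path is a root-owned directory that is not writable by group or others, so a home directory owned by the user makes the login fail. The script below is an added example, not part of the original post; it checks a path such as /home/mysftpuser against that rule before sshd is restarted (the function names are this example's own).

```sh
#!/bin/sh
# Added example: pre-flight check for a ChrootDirectory path.
# Usage (as root): sh check_chroot.sh /home/mysftpuser

# component_ok UID PERMS
# One path component passes if it is a directory, owned by uid 0,
# and has no group-write or other-write bit (PERMS as printed by ls -l).
component_ok() {
    [ "$1" = 0 ] || return 1
    case $2 in
        d????w*|d???????w*) return 1 ;;   # group- or world-writable
        d*) return 0 ;;
        *) return 1 ;;                    # missing or not a directory
    esac
}

# check_chroot ABSOLUTE_PATH
# Walks from the path up to / and prints every component that fails.
# Returns 0 if all components pass, 1 if any fails, 2 on bad usage.
check_chroot() {
    case $1 in
        /*) ;;
        *) echo "need an absolute path" >&2; return 2 ;;
    esac
    dir=$1 bad=0
    while :; do
        # ls -ldnL: numeric uid, follow symlinks, describe the dir itself
        set -- $(ls -ldnL -- "$dir" 2>/dev/null)
        if ! component_ok "${3:-x}" "${1:-x}"; then
            echo "BAD: $dir (uid=${3:-?} mode=${1:-missing})"
            bad=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname -- "$dir")
    done
    return $bad
}

# Run the check only when a path is given on the command line.
if [ $# -gt 0 ]; then
    check_chroot "$1"
fi
```

A component reported as BAD is typically fixed with chown root:root and chmod 755 on that directory, with a user-owned subdirectory inside the chroot for uploads.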
That's SFTP only, not SSH.
I concur. Restricting an SFTP-only user works well, but we also need the capability to "jail" specific users with shell access via SSH. On the same system.