Chrooting Users with SFTP

Prerequisite: OpenSSH 4.9p1 or newer is required (the ChrootDirectory directive and the built-in internal-sftp subsystem). On an RPM-based system you can verify the installed version with:

rpm -qa | grep -i openssh

ssh -V prints the version on any system.

Note: the user can be created with /bin/false as the login shell if SFTP-only access is wanted (internal-sftp never spawns the shell), or with /bin/bash if shell access is wanted; for shell access refer to the bottom section as well.

Add the following to /etc/ssh/sshd_config. Match blocks belong at the end of the file, because every directive after a Match line is part of that block until the next Match:

Match User username
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

For a group:

Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

Variables you can use in ChrootDirectory:

%u : username of the authenticated user
%h : home directory of the authenticated user

Fix the permissions. sshd refuses the login ("bad ownership or modes for chroot directory") unless the chroot directory and every directory above it are owned by root and not writable by group or others, so the user's home itself stays read-only for them; give them a writable subdirectory instead:

chown root /home/username
chmod go-w /home/username

mkdir /home/username/writeableDir
chown username:group /home/username/writeableDir
chmod ug+rwX /home/username/writeableDir

After editing sshd_config, run sshd -t to validate it, then restart sshd.
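The whole SFTP-only setup as one script, added here as an example (it is not part of the original page): it emits the Match block to append to sshd_config, creates the root-owned home with a writable upload directory, and checks the ownership/mode rule sshd enforces on every path component, so a misconfigured parent directory is caught before the user's first failed login. It assumes Linux with GNU coreutils (stat -c); the user name alice, group sftp and the directory names are placeholders.

```bash
#!/bin/sh
# Added example, not from the original page. Assumes Linux + GNU coreutils.
set -eu

# Emit the Match block to append at the END of /etc/ssh/sshd_config
# (every directive after a Match line belongs to that block).
sftp_match_block() {
    user=$1
    printf 'Match User %s\n' "$user"
    printf '    ChrootDirectory /home/%s\n' "$user"
    printf '    ForceCommand internal-sftp\n'
    printf '    AllowTcpForwarding no\n'
    printf '    X11Forwarding no\n'
}

# check_chroot_path DIR [UID] [TOP]
# Return 0 if DIR and every parent up to TOP (default /) is owned by UID
# (default 0 = root) and not writable by group or others; otherwise print the
# offending component and return 1. Same rule sshd applies to ChrootDirectory.
check_chroot_path() {
    dir=$1
    owner=${2:-0}
    top=${3:-/}
    p=$dir
    while :; do
        # %u = numeric owner, %a = octal mode (e.g. 755 or 1777)
        set -- $(stat -c '%u %a' "$p")
        o=$1 m=$2
        gopart=${m#"${m%??}"}      # last two octal digits: group and other
        if [ "$o" != "$owner" ]; then
            echo "$p: owned by uid $o, must be uid $owner" >&2
            return 1
        fi
        case $gopart in
            *[2367]*)              # a write bit set in the group or other digit
                echo "$p: mode $m is group/other writable" >&2
                return 1 ;;
        esac
        [ "$p" = "$top" ] && return 0
        [ "$p" = / ] && return 1   # walked past TOP without reaching it
        p=$(dirname "$p")
    done
}

# setup_sftp_user USER GROUP
# Create the chroot layout: root-owned, non-writable home plus a writable
# upload directory owned by the user. Must run as root.
setup_sftp_user() {
    user=$1 group=$2 home=/home/$1
    mkdir -p "$home/upload"
    chown root:root "$home"
    chmod 755 "$home"
    chown "$user:$group" "$home/upload"
    chmod 750 "$home/upload"
    check_chroot_path "$home"
}
```

Typical use as root: setup_sftp_user alice sftp, then sftp_match_block alice >> /etc/ssh/sshd_config, then sshd -t and a restart of sshd. check_chroot_path walks upward from the home, so a world-writable parent such as a chroot placed under /tmp is reported just as sshd would reject it.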

For shell access:

A shell inside the chroot cannot see anything outside ChrootDirectory, so the binaries, libraries and device nodes it uses must be copied in. Omit the ForceCommand internal-sftp line for such users, point ChrootDirectory at /chroot, and set the user's home so that it resolves to /home/joe inside the chroot:

mkdir /chroot
cd /chroot
mkdir {bin,dev,lib}
mkdir -p /chroot/home/joe
cp -p /bin/bash bin/
cp -p /lib/{ld-linux.so.2,libc.so.6,libdl.so.2,libtermcap.so.2} lib/
mknod dev/null c 1 3
mknod dev/zero c 1 5
chmod 0666 dev/{null,zero}

The library list above is for a 32-bit system; run ldd /bin/bash to list the libraries your bash actually needs and copy those, preserving their directory layout under /chroot. The same ownership rule applies here: /chroot must be owned by root and not writable by group or others.
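A script that populates the chroot from ldd output instead of a hard-coded library list, added as an example (it is not part of the original page). ldd_libs parses ldd's output into library paths, copy_with_libs copies a binary and those libraries into the chroot at their original absolute paths so the loader finds them, and make_dev_nodes creates the two device nodes used above. It assumes Linux with ldd, awk and GNU coreutils; /chroot and /bin/bash are placeholders.

```bash
#!/bin/sh
# Added example, not from the original page. Assumes Linux, ldd, awk, coreutils.
set -eu

# Read ldd(1) output on stdin and print one library path per line.
# "name => /path (addr)" yields /path; the loader appears as "/path (addr)";
# the vDSO has no file and "=> not found" entries are skipped.
ldd_libs() {
    awk '/=>/ { if ($3 ~ /^\//) print $3; next }
         $1 ~ /^\// { print $1 }'
}

# copy_with_libs ROOT BIN
# Copy BIN and every library ldd reports into ROOT, keeping each file's
# directory so it has the same absolute path inside the chroot. Run as root.
copy_with_libs() {
    root=$1 bin=$2
    mkdir -p "$root$(dirname "$bin")"
    cp -p "$bin" "$root$bin"
    ldd "$bin" | ldd_libs | while read -r lib; do
        mkdir -p "$root$(dirname "$lib")"
        cp -p "$lib" "$root$lib"
    done
}

# make_dev_nodes ROOT
# Device nodes a shell and its children commonly need (mknod requires root).
make_dev_nodes() {
    root=$1
    mkdir -p "$root/dev"
    [ -e "$root/dev/null" ] || mknod "$root/dev/null" c 1 3
    [ -e "$root/dev/zero" ] || mknod "$root/dev/zero" c 1 5
    chmod 0666 "$root/dev/null" "$root/dev/zero"
}
```

Typical use as root: copy_with_libs /chroot /bin/bash, then the same for any other tools the user should have (ls, cat, and so on), then make_dev_nodes /chroot. Nothing here relaxes the permission rule from the previous section: /chroot itself stays root-owned and not group/other writable.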