Sftp chroot configuration

[[OpenSSH 4.9]]+ (2008) includes a built-in chroot for SFTP.
 
 
  
 
== Configuration ==
* Read ask Ubuntu, How can I chroot sftp-only SSH users into their homes? https://askubuntu.com/a/206376

All changes go in <code>/etc/ssh/[[sshd_config]]</code>.

=== 1) Modify <code>[[Subsystem]]</code> to <code>[[internal-sftp]]</code> ===
Replace the external <code>sftp-server</code> binary with the in-process SFTP server. <code>internal-sftp</code> runs inside <code>sshd</code> itself, so no binaries, libraries or device nodes have to be copied into the chroot:

  #Subsystem sftp /usr/lib/openssh/sftp-server
  Subsystem sftp [[internal-sftp]]

=== 2) Create a user section at the end of the file ===
The <code>[[Match]]</code> block must be the last thing in the file. Every directive that follows a <code>Match</code> line belongs to that block until the next <code>Match</code>, and <code>Subsystem</code> is not permitted inside a <code>Match</code> block, so a <code>Subsystem</code> line placed after it makes <code>sshd</code> reject the configuration and refuse to (re)start, leaving no way to open new SSH sessions.

  [[Match]] User john
     [[ChrootDirectory]] [[%h]]
     ForceCommand [[internal-sftp]]
     [[AllowTCPForwarding]] no
     X11Forwarding no

<code>[[%h]]</code> expands to the user's home directory, which the user then sees as <code>/</code>. <code>ForceCommand internal-sftp</code> prevents an interactive shell or arbitrary remote command even if the account has a login shell, and disabling TCP and X11 forwarding stops the chrooted account from using the server as a network pivot.
=== 3) Review privileges from <code>[[ChrootDirectory]]</code> directory ===
<code>sshd</code> refuses the login (logging <code>bad ownership or modes for chroot directory</code>) unless the chroot directory and every directory above it are owned by root and are not group- or world-writable. With <code>ChrootDirectory %h</code> this means the home directory itself must be <code>root:root</code> with mode 755, so the user cannot write directly into it; give the account a writable subdirectory instead (the <code>upload</code> directory below). The <code>.ssh</code> directory and <code>authorized_keys</code> stay owned by the user because <code>sshd</code> reads them before the chroot is applied.

=== 4) [[Create a new user account]] ===
  [[useradd --create-home]] USERNAME
  [[passwd]] USERNAME
  [[chown]] root:root /home/USERNAME
  [[chmod]] 755 /home/USERNAME
  [[mkdir -p]] /home/USERNAME/[[.ssh]]
  [[touch]] /home/USERNAME/.ssh/[[authorized_keys]]
  [[chown]] -R USERNAME:USERNAME /home/USERNAME/.ssh
  [[chmod]] 700 /home/USERNAME/.ssh
  [[chmod]] 600 /home/USERNAME/.ssh/authorized_keys

Create the directory the user is allowed to write to. It must be inside the chroot (under the home directory when <code>ChrootDirectory %h</code> is used; the user sees it as <code>/upload</code>) and should be owned by the user rather than made world-writable: <code>chmod 777</code> would let every local account on the server write into it.

  [[mkdir -p]] /home/USERNAME/upload
  [[chown]] USERNAME:USERNAME /home/USERNAME/upload
  [[chmod]] 755 /home/USERNAME/upload

Add the user to the [[Match]] section of [[/etc/ssh/sshd_config]], then test the configuration before restarting, so a typo cannot take <code>sshd</code> down:

  [[sshd -t]]
  [[systemctl restart sshd]] && [[systemctl status sshd]]
  
 
== Logs ==
<code>[[sshd -t]]</code> only checks syntax. To see the options that will actually apply to a chrooted user, run <code>sshd -T</code> with a connection specification (<code>-C</code>); without one, a configuration that contains <code>Match</code> prints a message such as:

  'Match LocalPort' in configuration but 'lport' not in connection test specification.

For the <code>Match User</code> block above the specification needs at least the user name, for example <code>sshd -T -C user=john,host=client.example,addr=192.0.2.10,lport=22</code> (host and address are example values); the output shows the merged configuration for that connection, including the <code>ChrootDirectory</code> and <code>ForceCommand</code> values. Logins refused because of chroot ownership appear in the auth log as <code>bad ownership or modes for chroot directory</code>.

See also: <code>[[LogLevel]]</code>

== Related terms ==
* <code>[[useradd]] -m USERNAME</code>
* https://wiki.archlinux.org/index.php/SFTP_chroot

== See also ==
