SFTP chroot

To put some users in a chroot for sftp you need to adjust a few settings in your sshd_config:

Subsystem       sftp    internal-sftp

Match Group sftponly
    ForceCommand internal-sftp -l VERBOSE
    ChrootDirectory /srv/sftp
    X11Forwarding no
    AllowTcpForwarding no

After that you can add a user for sftp and give him a home directory under your chroot. Use / as home directory just to ensure that the user is in the right directory after sftp login:

# useradd -G sftponly -d / -s /usr/sbin/nologin 
# mkdir -p /srv/sftp/
# chown  /srv/sftp

Comments (0)

2014-05-14 09:05:46