
SSH/SCP and SFTP Chroot User to Directory Linux



#1 Administrator


Posted 25 February 2013 - 05:14 PM

  Since version 4.8, OpenSSH supports chrooting (see http://openssh.org/txt/release-4.8), so no patches are needed anymore. This tutorial describes how to give users chrooted SSH access. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. I will also show how to use chrooted SFTP.

 

The above is from howtoforge but it doesn't work. My tutorial and script actually work and allow access to only the user's home directory and not the entire home directory where they can see other users. This is a full chroot jail for SSH/SCP and SFTP access to one's own directory.

 

Log in to a shell as root and run the following to make sure you have everything:

 

apt-get install ssh openssh-server sudo debianutils coreutils

 

Now open up your SSH config file



nano /etc/ssh/sshd_config

 

Scroll to the bottom, add the following, and comment out the second line:

 

 

Subsystem sftp internal-sftp
#Subsystem sftp /usr/lib/openssh/sftp-server

 

Now at the bottom add the following, making sure to replace USER with the user you are chrooting:

 

 

UseDNS no
AllowUsers USER

Match User USER
   PasswordAuthentication yes
   ChrootDirectory /home/%u
   AllowTCPForwarding no
   X11Forwarding no
Match

 

 

Now restart SSH

service ssh restart

 

Now download the script and install the libraries for the user:

cd /usr/local/sbin
wget http://www.devcu.com/apps/make_chroot_jail.sh
chmod 700 /usr/local/sbin/make_chroot_jail.sh

Remember to replace the word USER below with the actual user and edit the home directory accordingly.

make_chroot_jail.sh USER /bin/bash /home/USER

Answer the questions, yes, yes and then you are done.

 

 

Log in to the account to test and you will see the user can only access their own directory via SSH/SCP and SFTP.


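An added example, not part of the original post or of make_chroot_jail.sh: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, and sshd refuses the login otherwise. The script below audits a path such as /home/USER against that rule; the function names are hypothetical and it assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the ownership rule
# in sshd_config(5). Function names are hypothetical; assumes GNU stat.

# component_ok UID MODE
# Succeeds when the owner is root (uid 0) and the octal mode has neither
# the group-write (020) nor the other-write (002) bit set.
component_ok() {
    uid=$1 mode=$2
    [ "$uid" -eq 0 ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks from DIR up to / and reports each component.
# Returns 0 if all pass, 1 if any fails, 2 if DIR is not a directory.
check_chroot_path() {
    path=$1 rc=0
    [ -d "$path" ] || { echo "FAIL $path: not a directory"; return 2; }
    path=$(cd "$path" && pwd -P) || return 2   # resolve symlinks first
    while :; do
        # stat prints "<owner uid> <octal mode>", e.g. "0 755"
        set -- $(stat -c '%u %a' "$path")
        if component_ok "$1" "$2"; then
            echo "ok   $path (uid=$1 mode=$2)"
        else
            echo "FAIL $path (uid=$1 mode=$2): must be root-owned, not group/world-writable"
            rc=1
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /home/USER
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it as root against the directory named in ChrootDirectory before restarting SSH; any FAIL line points at the component to fix with chown root or chmod go-w.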