SSH/SCP and SFTP Chroot User to Directory Linux

#1 Administrator


Posted 25 February 2013 - 05:14 PM

  Since version 4.8, OpenSSH supports chrooting (see http://openssh.org/txt/release-4.8), so no patches are needed anymore. This tutorial describes how to give users chrooted SSH access. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. I will also show how to use chrooted SFTP.


The above is from howtoforge but it doesn't work. My tutorial and script actually work and allow access to only the user's home directory and not the entire home directory where they can see other users. This is a full chroot jail for SSH/SCP and SFTP access to one's own directory.


Log in to a shell as root and run the following to make sure you have everything:


apt-get install ssh openssh-server sudo debianutils coreutils


Now open up your SSH config file:

nano /etc/ssh/sshd_config


Scroll to the bottom, make sure the first line below is present, and comment out the second line:



Subsystem sftp internal-sftp
#Subsystem sftp /usr/lib/openssh/sftp-server


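Now, at the bottom, add the following, replacing USER with the name of the user you are chrooting. Note that AllowUsers limits SSH logins to the users it lists, so include any other accounts that still need SSH access on the same line.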



UseDNS no
AllowUsers USER

Match User USER
   PasswordAuthentication yes
   ChrootDirectory /home/%u
   AllowTCPForwarding no
   X11Forwarding no



Now restart SSH:

service ssh restart


Now download the script and install the libraries for the user:

cd /usr/local/sbin
wget http://www.devcu.com/apps/make_chroot_jail.sh
chmod 700 /usr/local/sbin/make_chroot_jail.sh

Remember to replace the word USER below with the actual user and edit the home directory accordingly.

make_chroot_jail.sh USER /bin/bash /home/USER

Answer the questions with yes, yes, and then you are done.



Log in to the account to test, and you will see that the user can only access their own directory via SSH/SCP and SFTP.
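
sshd only accepts a ChrootDirectory whose every path component is owned by root and is not writable by group or others, so a failed test login is often a permissions problem on /home or /home/USER. The following check is an added example, not part of the original post or of make_chroot_jail.sh; the function names and the optional uid/stop arguments are assumptions of this example, and it relies on GNU stat from coreutils.

```shell
#!/bin/sh
# Added example, not from the original post or make_chroot_jail.sh.
# sshd_config(5): every component of the ChrootDirectory path must be
# owned by root and not writable by any other user or group.

# perms_ok OWNER_UID MODE WANT_UID: succeeds when the owner matches and
# the octal MODE (as printed by stat %a) has no group/other write bit.
perms_ok() {
    owner=$1 mode=$2 want=$3
    [ "$owner" = "$want" ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_chroot_path DIR [WANT_UID] [STOP]
# Walks from DIR up to STOP and reports each component sshd would reject.
# WANT_UID and STOP are assumptions added so the check can be tried
# unprivileged on a scratch tree; for a real jail keep the defaults.
check_chroot_path() {
    dir=$1 want=${2:-0} stop=${3:-/} rc=0
    while :; do
        st=$(stat -c '%u %a' "$dir") || return 2   # GNU coreutils stat
        if ! perms_ok "${st% *}" "${st#* }" "$want"; then
            echo "BAD: $dir (uid ${st% *}, mode ${st#* })" >&2
            rc=1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/USER
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
    exit $?
fi
```

Run it as root against the same path given to ChrootDirectory; an exit status of 0 means no component was flagged.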
