Dec.19
Configure SFTP only + Chroot(Jail)
This tutorial describes how to give users chrooted SSH and/or chrooted SFTP access on Red Hat/CentOS (and others). With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. I will also show how to restrict users to SFTP so that they cannot use SSH.
Create a group for SFTP users
# groupadd sftp-only
Create a user (test1 is our user)
# useradd -c "SFTP User" -G sftp-only -s /sbin/nologin test1
Edit sshd_config and add the changes below (replace /appl/data/input with your directory)
Subsystem sftp internal-sftp
Match Group sftp-only
ChrootDirectory /appl/data/input
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
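An added example, not part of the original post: a small shell check that the Match block above is complete before you rely on it. The function name check_sftp_jail and the sample file are made up here, and it assumes the block opens with exactly "Match Group <name>" with no extra criteria.

```shell
#!/bin/sh
# Added example: lint an sshd_config for the SFTP-only jail on this page.
# Assumes the block opens with exactly "Match Group <name>" (no extra criteria).

# check_sftp_jail CONFIG GROUP
# Prints one line per finding; returns 0 only when nothing is missing.
check_sftp_jail() {
    awk -v grp="$2" '
    NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
    { key = tolower($1) }                    # keywords are case-insensitive
    key == "subsystem" && tolower($2) == "sftp" { subsys = $3; next }
    # A Match block runs until the next Match line or end of file.
    key == "match" {
        inblk = (tolower($2) == "group" && $3 == grp)
        if (inblk) found = 1
        next
    }
    # sshd keeps the first value it sees for a keyword, so do the same.
    inblk && !(key in val) { val[key] = $2 }
    END {
        if (subsys != "internal-sftp") {
            print "Subsystem sftp is \"" subsys "\", expected internal-sftp"; bad = 1
        }
        if (!found) { print "no Match Group " grp " block"; exit 1 }
        need["forcecommand"] = "internal-sftp"
        need["x11forwarding"] = "no"
        need["allowtcpforwarding"] = "no"
        for (k in need)
            if (val[k] != need[k]) {
                print k " is \"" val[k] "\", expected " need[k]; bad = 1
            }
        if (val["chrootdirectory"] !~ /^\//) {
            print "chrootdirectory is missing or not an absolute path"; bad = 1
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the block from this page with AllowTcpForwarding left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Subsystem sftp internal-sftp
Match Group sftp-only
    ChrootDirectory /appl/data/input
    ForceCommand internal-sftp
    X11Forwarding no
EOF
check_sftp_jail "$sample" sftp-only || echo "jail for sftp-only is incomplete"
rm -f "$sample"
```

Run it against a copy of your own sshd_config; it only reads the file and never changes it.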
Example of an SFTP connection
SSH connection, and it's dropped