Dec.19

Configure SFTP only + Chroot (Jail)

This tutorial describes how to give users chrooted SSH and/or chrooted SFTP access on Red Hat/CentOS (and others). With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. I will also show how to restrict users to SFTP so that they cannot use SSH.

Create a group for SFTP users

# groupadd sftp-only

Create the user (test1 is our user)

# useradd -c "SFTP User" -G sftp-only -s /sbin/nologin test1

Edit sshd_config (usually /etc/ssh/sshd_config) and add the changes below

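# Replace any existing "Subsystem sftp" line with this one
Subsystem sftp internal-sftp

# Restrictions for members of the sftp-only group
Match Group sftp-only
    # Use your own directory here
    ChrootDirectory /appl/data/input
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no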
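sshd only accepts a ChrootDirectory whose path components are all owned by root and not writable by group or others, which is the most common reason this setup rejects logins. The script below is an added example, not part of the original post, that checks that rule before you reload sshd; the function names are made up for illustration and it assumes GNU stat as shipped on RHEL/CentOS.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# ownership rule sshd applies to ChrootDirectory and all of its parents.

# component_ok UID MODE
# Succeeds only if the owner is root (uid 0) and the octal MODE has neither
# the group-write (020) nor the other-write (002) bit set.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks DIR and each parent up to /, reporting every component sshd would
# reject. Returns 0 if all pass, 1 if any fail, 2 if DIR is not a directory.
check_chroot_path() {
    ccp_path=$(cd -- "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 2
    }
    ccp_rc=0
    while :; do
        # GNU stat: %u = owner uid, %a = octal permission bits
        if ccp_info=$(stat -c '%u %a' -- "$ccp_path" 2>/dev/null) &&
           component_ok "${ccp_info% *}" "${ccp_info#* }"; then
            echo "ok   $ccp_path"
        else
            echo "BAD  $ccp_path (uid/mode: ${ccp_info:-unreadable})"
            ccp_rc=1
        fi
        [ "$ccp_path" = "/" ] && break
        ccp_path=$(dirname -- "$ccp_path")
    done
    return "$ccp_rc"
}

# Run against a directory given on the command line, e.g. the
# ChrootDirectory used above: sh check_chroot.sh /appl/data/input
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Any line marked BAD needs `chown root` and removal of group/other write permission; files the user uploads then go into a user-writable subdirectory below the chroot. `sshd -t` checks the edited sshd_config for syntax errors before you reload the service.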

 

[Screenshot: example of an SFTP connection]

 

[Screenshot: an SSH connection, which is dropped]

About bentech4u
