individual ssh/sftp chroot

Author: Stephan  |  Category: Linux, Network

Denying execute or write permissions on the rest of the system is very simple on a Linux system. Preventing a user who only needs to upload files, for example, from even seeing the rest of the system is a little more difficult.

One solution:
We have a user named kunde.
We add a group sftpuser and make kunde a member of it.

We change

Subsystem sftp /usr/lib/openssh/sftp-server

in /etc/ssh/sshd_config to

Subsystem sftp internal-sftp

(the external sftp-server binary would not exist inside the chroot; internal-sftp runs inside sshd itself) and add, at the end of the file, because every directive that follows a Match line belongs to that Match block:

Match Group sftpuser
    ChrootDirectory %h
    ForceCommand internal-sftp

%h is the user's home directory, which now becomes the chroot. sshd refuses to chroot into a directory that is not owned by root or that is writable by group or others, and it checks every parent directory as well; otherwise the login fails with "bad ownership or modes for chroot directory". So the sftp user gets a new home in which only root has write permission:

drwxr-xr-x 4 root root 4096 May 16 15:54 ftphome

The user still needs somewhere to write, so for the individual upload directory inside that chroot you need these permissions:
drwxr-xr-x 2 kunde sftpuser 4096 May 16 15:52 kunde

Check the configuration with sshd -t, then restart sshd.
That's all.