Thursday, 21 February 2013

How to create SFTP jailed user


If you want to set up an account on your system that will be used only to transfer files (and not to ssh into the system), you should set up an SFTP chroot jail as explained here.

First, create the user with the useradd command, setting its home directory to the directory you want SFTP clients to land in.

Then edit /etc/ssh/sshd_config and comment out the existing Subsystem line so that it reads:

#Subsystem       sftp    /usr/libexec/openssh/sftp-server

Next, add the following lines to /etc/ssh/sshd_config (replace username with the account name and the ChrootDirectory value with the path of the jail):

Subsystem       sftp    internal-sftp

Match User username
    ChrootDirectory /path/to/jail

    AllowTcpForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Save the file and restart sshd.

If you are getting errors, turn on sshd debugging: set LogLevel to DEBUG in /etc/ssh/sshd_config, restart sshd, try connecting again, and check /var/log/auth.log for the debugging output, which may give more information.

Make sure that the chroot directory and all of its parent directories are owned by root:root and are not writable by group or others; otherwise sshd will refuse to chroot the session.

