This tutorial explains how to jail a user for sftp.
It works! 🙂
A nice tutorial for Linux users can be found here: http://www.tecmint.com/add-users-in-linux/.
My jailed user wasn’t connecting to the server via SFTP….
Had to see what was going on!!
root@digitalwhores:/home# tail -f /var/log/auth.log
auth.log looked like this…
Jul 23 19:47:55 digitalwhores systemd-logind[580]: New session 1307 of user sftpuser.
Jul 23 19:47:55 digitalwhores jk_chrootsh[18961]: path /home/jail is group writable
Jul 23 19:47:55 digitalwhores jk_chrootsh[18961]: path /home/jail is writable for others
Jul 23 19:47:55 digitalwhores jk_chrootsh[18961]: abort, /home/jail is not a safe jail, check ownership and permissions.
Jul 23 19:50:07 digitalwhores jk_chrootsh[19034]: abort, path /home/jail/./home/sftpu is group writable, set option 'relax_home_group_permissions' to relax this check
chmod 0755 /home
chmod 0755 /home/jail
chmod 0755 /home/jail/home
chmod 0755 /home/jail/home/**USERS**
cd /home
mkdir username
useradd -d /home/username -M -N -g users username
sudo chown root:root /home/username
sudo chmod 755 /home/username
nano /etc/ssh/sshd_config
Search for “lib/openssh/sftp-server”, comment that line out and add the internal-sftp line so it looks like this:
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Add the following lines below it…
Match User username
ChrootDirectory /home/username
ForceCommand internal-sftp
service ssh restart
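Both jk_chrootsh (the auth.log errors above) and sshd's ChrootDirectory refuse a jail whose path is group- or world-writable, and sshd also requires every component of the path to be owned by root. The script below is an added example, not part of the original post: it walks a chroot path up to / and reports each directory that would fail those checks. The function names are made up for this example and GNU stat (coreutils) is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for a chroot/jail directory.
# check_dir and check_chroot_path are hypothetical helper names.
# Assumes GNU stat (coreutils), as shipped on Debian/Ubuntu.

# check_dir DIR [UID]: succeed only if DIR is owned by UID (default 0 = root)
# and is writable by neither group nor others.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    info=$(stat -c '%u %a' "$dir" 2>/dev/null) || { echo "FAIL $dir: cannot stat"; return 1; }
    uid=${info% *}     # numeric owner
    mode=${info#* }    # octal permissions, e.g. 755 or 1777
    rc=0
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $uid, expected $want_uid"
        rc=1
    fi
    if [ $(( 0$mode & 020 )) -ne 0 ]; then
        echo "FAIL $dir: group writable (mode $mode)"
        rc=1
    fi
    if [ $(( 0$mode & 002 )) -ne 0 ]; then
        echo "FAIL $dir: writable for others (mode $mode)"
        rc=1
    fi
    return $rc
}

# check_chroot_path DIR [UID]: run check_dir on DIR and on every parent up to /.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: not a directory"; return 1; }
    bad=0
    while :; do
        check_dir "$p" "${2:-0}" || bad=1
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    return $bad
}

# Run as: sh check_jail.sh /home/username
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

A clean run prints nothing and exits 0; any FAIL line names the directory to fix with chown root:root or chmod 0755 before restarting ssh.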
More readings
http://www.techrepublic.com/blog/linux-and-open-source/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/
http://superuser.com/questions/370953/how-to-not-allow-user-outside-of-home-directory-with-sftp