Created
November 4, 2015 16:44
-
-
Save acorncom/a2f7757b7bf1f2f83161 to your computer and use it in GitHub Desktop.
SFTP Only access using OpenSSH with ChrootDirectory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Restricted SFTP-only access to a single directory using OpenSSH 4.9+ | |
| Edit ```/etc/ssh/sshd_config``` | |
| ``` | |
| Match Group sftp-users | |
| # Force the connection to use SFTP and chroot to the required directory. | |
| ForceCommand internal-sftp | |
| ChrootDirectory /home/sftp-users | |
| # Disable tunneling, authentication agent, TCP and X11 forwarding. | |
| PermitTunnel no | |
| AllowAgentForwarding no | |
| AllowTcpForwarding no | |
| X11Forwarding no | |
| ``` | |
| ``` | |
| sudo addgroup sftp-users | |
| sudo adduser --ingroup sftp-users testsftp | |
| sudo chown root /home/sftp-users | |
| sudo chmod go-w /home/sftp-users | |
| sudo mkdir /home/sftp-users/public | |
| sudo chgrp sftp-users /home/sftp-users/public | |
| sudo chmod g+rwx /home/sftp-users/public | |
| sudo service ssh restart | |
| ``` | |
| ref: | |
| - http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/ | |
| - http://passingcuriosity.com/2014/openssh-restrict-to-sftp-chroot/ | |
| - http://askubuntu.com/questions/49271/how-to-setup-a-sftp-server-with-users-chrooted-in-their-home-directories | |
| - http://askubuntu.com/questions/134425/how-can-i-chroot-sftp-only-ssh-users-into-their-homes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment