@jonforums

jonforums/chroot_sftp

Last active Aug 29, 2015
Chrooted SFTP users setup
# New SFTP users are chrooted by OpenSSH in their homes rooted at /srv/sdrop.
# Home directories are owned by root and not writeable by any other user. To
# allow SFTP users to upload files, an `uploads` subdir owned by the SFTP user
# is created in each user's home dir. Ensure /usr/sbin/nologin is listed in
# /etc/shells
sudo addgroup sftp
sudo useradd -s /usr/sbin/nologin -d /srv/sdrop/xfer -G sftp -M xfer
sudo passwd xfer
sudo mkdir -p /srv/sdrop/xfer/uploads
sudo chown xfer:xfer /srv/sdrop/xfer/uploads
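# Add the following to /etc/ssh/sshd_config. Keep the Match block at the end of
# the file: it applies to every line after it until the next Match or EOF.
sudo vim /etc/ssh/sshd_config
    Subsystem sftp internal-sftp
    Match Group sftp
        AllowUsers *
        AllowGroups sftp
        ChrootDirectory %h
        ForceCommand internal-sftp
        PasswordAuthentication yes
        AllowTcpForwarding no
# Restart sshd: the first command is for Upstart systems, the second for
# systemd. Run only the one that matches the host.
sudo restart ssh
sudo systemctl restart sshd.service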
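sshd refuses the chroot unless every component of the ChrootDirectory path is owned by root and not writable by group or others, which is why the homes above are root-owned and only `uploads` belongs to the user. The script below is an added example, not part of the original gist, that audits a path against that rule; the function names are hypothetical and it assumes GNU coreutils `stat` (Linux).

```shell
#!/bin/sh
# Added example (not from the gist): audit a ChrootDirectory path.
# Assumption: GNU coreutils stat (-c '%u %a'); function names are hypothetical.

# component_ok UID MODE
# Returns 0 when the owner is root (uid 0) and the octal MODE has neither the
# group-write nor the other-write bit set.
component_ok() {
    [ "$1" -eq 0 ] 2>/dev/null || return 1
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR
# Walks from DIR up to /, printing every component that would make sshd
# reject the chroot. Returns 1 if any component fails, 0 otherwise.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 1; }
    rc=0
    while :; do
        # stat prints "<owner uid> <octal mode>", e.g. "0 755"
        set -- $(stat -c '%u %a' "$p")
        if ! component_ok "$1" "$2"; then
            echo "bad: $p (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /srv/sdrop/xfer
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it against each user's home (for example `/srv/sdrop/xfer`) before restarting sshd; any `bad:` line names a directory that needs `chown root` or `chmod go-w`.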