Short: SFTP chroot for user to web root

November 9th, 2011

I sometimes needed to grant access to a web root to developers/friends and didn't want to allow them to "chill out" through directories. Here is a sample of how to set up the SSHD server to allow SFTP connections and chroot them to the home directory: basically, lock the user via SFTP to the virtual home for the web server.

  1. Create group sftp
    groupadd sftp
  2. Add the user: put him in group sftp, set /bin/false as the login shell, set the home directory that will become his "chrooted" root, give his username, and finally set a password, like

    useradd -g sftp -s /bin/false -d /var/www/home/vhost/site.com username
    passwd username
  3. Now it's time to configure the SSHD daemon. On RHEL / Fedora and most others its configuration is located in the /etc/ssh directory. Edit the sshd_config file
    vi /etc/ssh/sshd_config
     and modify/add this at the end of the file:
    # override default of no subsystems
     #Subsystem     sftp    /usr/libexec/openssh/sftp-server
     Subsystem sftp internal-sftp
    # Example of overriding settings on a per-user basis
     Match group sftp
     ChrootDirectory %h
     X11Forwarding no
     AllowTcpForwarding no
     ForceCommand internal-sftp
  4. Last thing – restart sshd

    /etc/init.d/sshd restart
  5. One more thing – be careful with permissions on HOME directory
    chown username:sftp /var/www/home/vhost/site.com

  6. Now let's copy something to it via the WinSCP Windows client
    Download the WinSCP application, which is a Windows SCP/SFTP client, very powerful, just missing a plugin for TotalCommander, sniff
  7. Create a connection via New in WinSCP
  8. and hit Login; you will be prompted to accept the SSH fingerprint and voila, we are in, with nowhere else to move
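
sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by any other user or group, and sshd rejects the session when that does not hold. The script below is an added example, not part of the original post: it walks the chroot path up to / and reports each component. The function names are hypothetical, and `stat -c` assumes GNU coreutils, as on RHEL / Fedora.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the ownership rule
# in sshd_config(5). Assumes GNU coreutils stat (-c).

# component_ok UID MODE: succeeds if a directory with this owner and octal
# mode is acceptable to sshd (root-owned, no group/other write bit).
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# audit_chroot DIR: checks DIR and every parent directory up to /.
# Returns 0 if all pass, 1 if any component fails, 2 if DIR is unusable.
audit_chroot() {
    # Resolve symlinks first, so the physical path is what gets checked.
    path=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1" >&2; return 2; }
    rc=0
    while :; do
        meta=$(stat -c '%u %a' "$path") || return 2
        if component_ok "${meta% *}" "${meta#* }"; then
            echo "ok   $path (uid=${meta% *} mode=${meta#* })"
        else
            echo "FAIL $path (uid=${meta% *} mode=${meta#* })"
            rc=1
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh audit_chroot.sh /var/www/home/vhost/site.com
if [ "$#" -gt 0 ]; then audit_chroot "$1"; fi
```

Any line marked FAIL names a directory whose owner or mode has to change before the chrooted login can work.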


Let me know if you find it useful.
