Chroot SFTP only access
A simple tutorial on how to give chroot SFTP-only access to a user
User/Group
Create a user without shell access
# groupadd USERGROUP
# useradd -g USERGROUP USERNAME
# usermod -s /sbin/nologin USERNAME
(of course all the above can be done with only one command).
Don't forget to give your new user a decent password
# passwd USERNAME
Changing password for user USERNAME.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
sshd configuration file
Edit sshd_config with your favorite editor
# vim /etc/ssh/sshd_config
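and add the lines below (note that AllowUsers limits SSH logins to the users it lists, so any other account that needs SSH access must be listed there too):
AllowUsers USERNAME
Match user USERNAME
    ChrootDirectory /home/USERNAME/
    ForceCommand internal-sftp
    PasswordAuthentication yes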
After that, restart the sshd daemon:
# /etc/init.d/sshd restart
Permissions
Be aware that the home directory must be owned by root
# chown -R root:USERGROUP /home/USERNAME/
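sshd applies this rule to every component of the ChrootDirectory path, not only the last one: each must be a directory owned by root and not writable by group or others, otherwise the login is refused. The script below is an added example, not part of the original tutorial, that runs the same check before you restart sshd; the function names are made up for this example and it assumes GNU stat (stat -c).

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory.
# Function names are hypothetical; requires GNU stat.

# component_ok UID MODE
# Succeeds only if the owner is root (uid 0) and MODE has no group/other
# write bit. MODE is the octal string printed by `stat -c %a`, e.g. 755.
component_ok() {
    [ "$1" -eq 0 ] 2>/dev/null || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]    # 022 = group-write | other-write
}

# check_chroot DIR
# Walks from DIR up to / and reports every component sshd would reject.
# Returns 0 if the whole path is acceptable, 1 if any component is not,
# 2 if DIR is not an absolute path.
check_chroot() {
    case $1 in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 2 ;;
    esac
    cc_dir=${1%/}
    [ -n "$cc_dir" ] || cc_dir=/
    cc_rc=0
    while :; do
        if [ ! -d "$cc_dir" ]; then
            echo "UNSAFE $cc_dir: not a directory"
            cc_rc=1
        else
            # -L follows symlinks, as stat(2) does inside sshd
            set -- $(stat -L -c '%u %a' "$cc_dir" 2>/dev/null)
            if ! component_ok "$1" "$2"; then
                echo "UNSAFE $cc_dir: owner uid=$1 mode=$2"
                cc_rc=1
            fi
        fi
        [ "$cc_dir" = / ] && break
        cc_dir=$(dirname "$cc_dir")
    done
    return $cc_rc
}

# Run directly as: sh check_chroot.sh /home/USERNAME
if [ $# -gt 0 ]; then
    check_chroot "$1"
fi
```

A non-zero exit status together with an UNSAFE line names the directory whose owner or mode has to be fixed.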
Testing
user@machine ~$ sftp USERNAME@server
Password:
Connected to USERNAME.
sftp> cd /tmp/
Couldn't canonicalize: Permission denied
sftp>
or use FileZilla