Special SSH Configuration

This tutorial shows how to chroot ssh/sftp users. Essentially, you'll need to create a configuration section at the end of sshd_config like:

Match User username
    ChrootDirectory /home/somewhere
    AllowTCPForwarding no
    X11Forwarding no

Add to that the PasswordAuthentication Yes (or ChallengeResponseAuthentication, whichever you're using) instruction to allow that user to use passwords.

If you want to ensure that the user can't create their own commands (you'd be surprised what you can do with bash), you'll need to make sure that everything in /home/somewhere is not owned by the user and not writable by the user.

That tutorial also links to a script for finding all the prerequisites of the commands you want to add to the jail and building your chroot jail.
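
Added example (not part of the answer above or of the linked tutorial): a Python audit of the rule that nothing in the jail may be owned by or writable by the jailed user. The function names and the command-line form are this example's own, and it checks classic mode bits only, not ACLs.

```python
#!/usr/bin/env python3
"""Audit a chroot jail: list entries the jailed user owns or can write to."""
import os
import stat
import sys


def can_write(st, uid, gids):
    """Apply the owner/group/other mode bits the way the kernel picks them."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_jail(jail, uid, gids):
    """Return sorted (path, reason) pairs for entries that break the rule.

    Only classic mode bits are checked; POSIX ACLs are not (assumption).
    """
    paths = [jail]
    for root, dirs, files in os.walk(jail):
        paths += [os.path.join(root, name) for name in dirs + files]
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: judge a symlink itself, never its target
        if st.st_uid == uid:
            # An owner can chmod the entry back to writable, so flag it as is.
            findings.append((path, "owned by user"))
        elif not stat.S_ISLNK(st.st_mode) and can_write(st, uid, gids):
            findings.append((path, "writable by user"))
    return sorted(findings)


if __name__ == "__main__":
    import pwd

    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} JAIL_DIR USERNAME")
    jail_dir, username = sys.argv[1], sys.argv[2]
    entry = pwd.getpwnam(username)
    groups = set(os.getgrouplist(username, entry.pw_gid))
    problems = audit_jail(jail_dir, entry.pw_uid, groups)
    for path, reason in problems:
        print(f"{reason}: {path}")
    sys.exit(1 if problems else 0)
```

Run it as root against the directory named in ChrootDirectory; a non-zero exit status means at least one entry needs its owner or mode changed.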


The lock-down part of your question is already answered at the question "How can I chroot ssh connections?"

Per-user configuration can be achieved with the Match section, as others have posted.