SFTP access akin to jailed shell

OpenSSH (which also provides sftp and scp functionality) has gained chroot functionality in its later versions. Basically you just need to add lines similar to these to your /etc/ssh/sshd_config file.

Subsystem sftp internal-sftp

Match group sftpusers
     ChrootDirectory /var/www/xy/backup/files/
     X11Forwarding no
     AllowTcpForwarding no
     ForceCommand internal-sftp

Then create a new group called sftpusers with the command groupadd sftpusers.

The last step is then to create a user belonging to group sftpusers:

useradd -g sftpusers -d /var/www/xy/backup/files yourusername 
passwd yourusername

Then just restart your ssh service: /etc/init.d/sshd restart and you should be all set.


You can use sshd configuration to achieve this. Create a user, e.g. fred, then add the following to your sshd_config file:

Match user fred
    ChrootDirectory /var/www/xy/backup/files
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no

This will lock the user fred to the desired directory and its subdirectories. The user fred only needs r-- access to the file and r-x to the directories. Check the current permissions; it may already be able to do this.
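
An added check that applies to both answers above (it is not part of either answer): per sshd_config(5), sshd only accepts a ChrootDirectory whose every path component is a root-owned directory not writable by group or others, so a login into the jail fails if any parent directory is too permissive. The function names are hypothetical and the script assumes GNU coreutils `stat -c`.

```shell
#!/bin/sh
# Added example (not from the answers above). Assumes GNU coreutils `stat -c`.
# sshd_config(5): every component of the ChrootDirectory path must be a
# root-owned directory that is not writable by group or others.

# component_ok UID MODE -> 0 if owner is root and no group/other write bit is set.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    # MODE is octal as printed by `stat -c %a` (e.g. 755, 1777); 022 = g+w | o+w
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR -> 0 if DIR and all of its parents pass component_ok.
# Prints one line per offending component; returns 2 if DIR is not a directory.
check_chroot_path() (
    # Resolve symlinks first so the physical directories are what gets checked.
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1"; exit 2; }
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$p")
        if ! component_ok "$1" "$2"; then
            echo "BAD  $p (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    exit "$rc"
)

# Usage: sh check_chroot.sh /var/www/xy/backup/files
[ "$#" -eq 0 ] || check_chroot_path "$1"
```

Running `sshd -t` before restarting the service also catches syntax errors in the edited sshd_config.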