Differences between version 2 and previous revision of KnowledgeBase/OpenSshChroot.

Newer page: version 2 Last edited on Saturday, 8 May 2010 5:25:59 by CyberLeo
Older page: version 1 Last edited on Sunday, 14 March 2010 3:45:38 by CyberLeo
@@ -16,9 +16,9 @@
 # Dead important this bit: 
 <verbatim> 
 mkdir -p /home/chroot/<user>/home/<user>/.ssh 
 chown -R root /home/chroot/<user> 
-chown -R <user> /home/chroot/<user> 
+chown -R <user> /home/chroot/<user>/home /<user> 
 chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user> 
 ln -s /home/chroot/<user>/home/<user> /home/. 
 </verbatim> 
 # Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh 
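Review bot: the added chown line has a space inside its path ("/home/chroot/<user>/home /<user>"), so as written it passes two arguments and the second is /<user> at the filesystem root. It should read chown -R <user> /home/chroot/<user>/home/<user>, matching the path on the mkdir line above it. A short comment saying that /home/chroot/<user> itself must stay owned by root (the preceding chown -R root line) would explain why the narrower path matters.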

version 2

  1. Make sure the OpenSSH version is 5 or above (some 4.x versions do work, but 5 is better).
  2. Add these lines to the sshd config:

      Match Group sftponly
          ChrootDirectory /home/chroot/%u
          X11Forwarding no
          AllowTcpForwarding no
          ForceCommand internal-sftp

  3. Make sure the Subsystem line is this:

      Subsystem       sftp    internal-sftp

  4. Create the sftponly group on the system.
  5. Put the relevant users in this group. Be careful, as this will stop them from being able to ssh in.
  6. Dead important, this bit:

      mkdir -p /home/chroot/<user>/home/<user>/.ssh
      chown -R root /home/chroot/<user>
      chown -R <user> /home/chroot/<user>/home/<user>
      chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
      ln -s /home/chroot/<user>/home/<user> /home/.

  7. Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh
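
A pre-flight check for the ownership step, as an added example that is not part of the original page: sshd refuses the session when the ChrootDirectory or any of its parent directories is not owned by root or is writable by group or others, which is what the recursive chown to <user> in version 1 produced. The function name and its optional OWNER_UID and TOP arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page).
# check_chroot_path DIR [OWNER_UID] [TOP]
#   Walks DIR and each parent up to TOP (default /) and reports any
#   component that is not a directory, is not owned by OWNER_UID
#   (default 0, root) or is writable by group or others.
#   OWNER_UID and TOP exist only so the check can be tried in a scratch
#   directory without root; leave them at their defaults for a real check.
#   Returns 0 when every component passes, 1 otherwise.
check_chroot_path() {
    dir=$1; want_uid=${2:-0}; top=${3:-/}; rc=0
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"
            return 1
        fi
        # -n prints numeric ids, -L follows a symlink; keep mode and uid.
        set -- $(ls -ldnL "$dir" | awk '{print $1, $3}')
        mode=$1; uid=$2
        # Character 6 of the mode string is group write, character 9 is
        # other write (for example drwxrwxr-x or drwxrwxrwt).
        case $mode in
            ?????w*|????????w*)
                echo "FAIL $dir: writable by group or others ($mode)"
                rc=1 ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $dir: owned by uid $uid, expected $want_uid"
            rc=1
        fi
        # Stop at TOP, at the filesystem root, or when a relative path
        # has been reduced to ".".
        if [ "$dir" = "$top" ] || [ "$dir" = / ] || [ "$dir" = . ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Typical use after step 6 (alice is a placeholder user name):
#   check_chroot_path /home/chroot/alice && echo "chroot path OK"
```

The user's own directory at /home/chroot/<user>/home/<user> is inside the chroot, not part of the ChrootDirectory path, so it is not checked here and stays owned by the user.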