KnowledgeBase/OpenSshChroot
# Make sure the OpenSSH version is 5 or above (some 4.x versions do work, but 5 is better)
# Add these lines to the sshd config
<verbatim>
Match Group sftponly
    ChrootDirectory /home/chroot/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
</verbatim>
# Make sure the Subsystem line is this
<verbatim>
Subsystem sftp internal-sftp
</verbatim>
# Create the sftponly group on the system
# Put the relevant users in this group. Be careful, as you will stop them being able to ssh in
# Dead important, this bit:
<verbatim>
mkdir -p /home/chroot/<user>/home/<user>/.ssh
# The chroot directory itself must stay owned by root, or sshd refuses the login
chown -R root /home/chroot/<user>
# Only the home directory inside the chroot belongs to the user
chown -R <user> /home/chroot/<user>/home/<user>
chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
# Makes /home/<user> resolve to the home directory inside the chroot
ln -s /home/chroot/<user>/home/<user> /home/.
</verbatim>
# Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh
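
An added example, not part of the original page: a shell check for the ownership rule behind the "dead important" step. sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by any other user or group. The function names and the UID and TOP parameters are assumptions made here so the check can also run on scratch directories, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# Requires GNU stat for the -c format option.

# check_dir DIR [UID]: one path component must be a directory owned by UID
# (default 0, root) and must not be writable by group or others.
check_dir() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    info=$(stat -L -c '%u %a' "$dir") || return 1
    uid=${info% *}; mode=${info#* }
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1
    fi
    # Leading 0 makes the shell read the mode as octal; 022 = g+w | o+w.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group/other writable"; return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# audit_chroot PATH [UID] [TOP]: check PATH and each parent up to TOP
# (default /). UID and TOP are assumed hooks for testing without root.
audit_chroot() {
    cur=$1; a_uid=${2:-0}; top=${3:-/}; rc=0
    case $cur in
        /*) ;;
        *) echo "FAIL $cur: not an absolute path"; return 2 ;;
    esac
    while :; do
        check_dir "$cur" "$a_uid" || rc=1
        if [ "$cur" = "$top" ] || [ "$cur" = / ]; then break; fi
        cur=$(dirname "$cur")
    done
    return $rc
}

# Stand-alone use: sh thisfile /home/chroot/<user>
if [ $# -gt 0 ]; then audit_chroot "$@"; fi
```

Run it against /home/chroot/<user>, not the home directory inside it: the inner home is meant to be owned by the user and would fail this check by design.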