Note: You are viewing an old version of this page. View the current version.

  1. Make sure openssh version is 5 or above (some 4s do work but 5 better)
  2. Add these lines to sshd config
Match Group sftponly
    ChrootDirectory /home/chroot/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
  1. Make sure the Subsystem line is this
Subsystem       sftp    internal-sftp
  1. create the sftponly group on the system
  2. put the relevent users in this group. be careful as you will stop them being able to ssh in
  3. Dead important this bit:
mkdir -p /home/chroot/<user>/home/<user>/.ssh
chown -R root /home/chroot/<user>
chown -R <user> /home/chroot/<user>
chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
ln -s /home/chroot/<user>/home/<user> /home/.
  1. Put their ssh keys in /home/chroot/<user>/home/<user>/.ssh