- Make sure the OpenSSH version is 5 or above (some 4.x versions do work, but 5 is better)
- Add these lines to the sshd config (sshd_config):
    # A Match block applies until the next Match line or the end of the file, so put it last
    Match Group sftponly
        ChrootDirectory /home/chroot/%u
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
- Make sure the Subsystem line is this:
    Subsystem sftp internal-sftp
- Create the sftponly group on the system
- Put the relevant users in this group. Be careful, as this stops them from being able to ssh in
- Dead important this bit:
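    mkdir -p /home/chroot/<user>/home/<user>/.ssh
    # The chroot directory itself must stay owned by root, or sshd refuses the login
    chown -R root /home/chroot/<user>
    # Only the user's home inside the chroot is handed to the user
    chown -R <user> /home/chroot/<user>/home/<user>
    chmod -R 755 /home/chroot/<user> /home/chroot/<user>/home/<user>
    # Make /home/<user> resolve to the home directory inside the chroot
    ln -s /home/chroot/<user>/home/<user> /home/.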
- Put their SSH keys in /home/chroot/<user>/home/<user>/.ssh
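
Added example, not part of the original notes: sshd only accepts a ChrootDirectory when every directory from / down to it is owned by root and not writable by group or others, so this script walks the path and reports any component that would fail. The function names are made up for this example, and `stat -c` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Audit a ChrootDirectory path before pointing sshd at it.
# Illustrative helper names; relies on `stat -c` (GNU coreutils / busybox).

# mode_is_safe MODE -> success if the octal mode has no group/other write bit
mode_is_safe() {
    perms=$(( 0$1 & 022 ))
    [ "$perms" -eq 0 ]
}

# check_dir DIR UID -> success if DIR is a directory owned by UID with a safe mode
check_dir() {
    [ -d "$1" ] || { echo "BAD not a directory: $1"; return 1; }
    owner=$(stat -L -c '%u' "$1") || return 2
    mode=$(stat -L -c '%a' "$1") || return 2
    if [ "$owner" != "$2" ]; then
        echo "BAD owner uid $owner (want $2): $1"; return 1
    fi
    if ! mode_is_safe "$mode"; then
        echo "BAD mode $mode (group/other writable): $1"; return 1
    fi
    echo "ok  uid $owner mode $mode: $1"
}

# check_chroot_path PATH [UID] [TOP]
# Walks from PATH up to TOP (default /), checking every component.
# UID defaults to 0 (root); UID and TOP are overridable so the check can be
# tried on a scratch tree without being root.
check_chroot_path() {
    case $1 in /*) ;; *) echo "need an absolute path"; return 2 ;; esac
    dir=$1 want=${2:-0} top=${3:-/} rc=0
    while :; do
        check_dir "$dir" "$want" || rc=1
        [ "$dir" = "$top" ] || [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Typical use on the server, for a user named alice (constructed name):
#   check_chroot_path /home/chroot/alice
```

A non-zero exit status means at least one component would make sshd reject the chroot for that user.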