Chroot environment setup: Difference between revisions
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Setting up a chroot-environment: | Setting up a chroot-environment: | ||
Add this to /etc/ssh/sshd_config: | Add this to <code>/etc/ssh/sshd_config</code>: | ||
#Subsystem sftp /usr/lib/openssh/sftp-server | #Subsystem sftp /usr/lib/openssh/sftp-server | ||
Line 16: | Line 16: | ||
Restart sshd | Restart sshd | ||
service ssh restart | service ssh restart | ||
or | |||
systemctl restart sshd.service | |||
Add a new group | Add a new group | ||
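Review bot: The added `systemctl restart sshd.service` line names the unit `sshd`, while the existing `service ssh restart` line names the service `ssh`. The service name differs between distributions, so say which command applies to which system. It would also help to add `sshd -t` before either restart, so a typo in the Match block is caught before the running daemon is restarted.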
Line 27: | Line 28: | ||
cd /home/username | cd /home/username | ||
mkdir | mkdir tmp | ||
chown username:filetransfer | chown username:filetransfer tmp | ||
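Review bot: `mkdir tmp` and `chown username:filetransfer tmp` in the new revision depend on the preceding `cd /home/username` having succeeded; if it fails, both commands act on whatever the current directory is. Prefer absolute paths, e.g. `mkdir /home/username/tmp` and `chown username:filetransfer /home/username/tmp`.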
Latest revision as of 11:06, 6 September 2023
Setting up a chroot-environment:
Add this to /etc/ssh/sshd_config:
    #Subsystem sftp /usr/lib/openssh/sftp-server
    Subsystem sftp internal-sftp
    # Heiko was here and did https://linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/
    Match Group filetransfer
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
Restart sshd
    service ssh restart
or
    systemctl restart sshd.service
Add a new group
    addgroup --system filetransfer
For each chrooted user:
    usermod -G filetransfer username
    chown root:root /home/username
    chmod 755 /home/username

    cd /home/username
    mkdir tmp
    chown username:filetransfer tmp