SSH: SFTP only + Chroot

SFTP Only + Chroot on Debian

Configure SFTP only + Chroot. Some users who are applied this settings can access only with SFTP and access to the permitted directories.
[1] For example, Set /home as the Chroot directory.

# create a group for SFTP
root@dlp:~# groupadd sftp_users
# apply to a user "ubuntu" for SFTP only
root@dlp:~# usermod -G sftp_users debian
root@dlp:~# vi /etc/ssh/sshd_config
# line 77: comment out and add a line like below
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
# add follows to the end
Match Group sftp_users
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /home
  ForceCommand internal-sftp
root@dlp:~# systemctl restart ssh

[2] Try to access with a user and make sure the settings.

debian@www:~$ ssh debian@10.0.0.30
debian@10.0.0.30's password:
This service allows sftp connections only.
Connection to 10.0.0.30 closed. # denied normally
debian@www:~$ sftp debian@10.0.0.30
Connecting to 10.0.0.30...
debian@10.0.0.30's password:
sftp> ls -l
drwxr-xr-x    2 1001     1001         4096 May  1 13:55 debian
drwxr-xr-x   25 1000     1000         4096 May  2 13:07 jessie
sftp> pwd
Remote working directory: /
sftp> exit

DANS Media

Paham Ilmu, Kesehatan, dan Pengetahuan, tertarik dengan Financial Technology, mengajak banyak orang agar paham akan Ilmu dan Pengetahuan

DANS Media

SSH: SFTP only + Chroot

Post a Comment

Install MariaDB Ubuntu 20.04 LTS

Install VNC Server

SSH Key-Pair Authentication on Debian

Generate Link