Dave's Brain

Jailing sftp users

Date: 2004Oct16

Q. How do I keep sftp users in their home directory?

A. Use rssh.

- Install the package the usual way: "yum -y install rssh"

- You'll also want to download (but not install) the source
  and unpack it in /usr/local/src/rssh-VERSION; the mkchroot.sh
  script used below comes from it

- Make a jail directory: mkdir /usr/local/jail

- Modify the user to use rssh and the jail directory.
  So an example /etc/passwd entry would be:

  sftpguy:x:818:821::/usr/local/jail/home/sftpguy:/usr/bin/rssh

- Modify /etc/rssh.conf (the configuration file)

  - Uncomment this line:
  allowsftp

  - Set the following:
  chrootpath = /usr/local/jail

- Make the jail.

  sh /usr/local/src/rssh-VERSION/mkchroot.sh /usr/local/jail

- Make the user's home directories:
  mkdir /usr/local/jail/home
  mkdir /usr/local/jail/home/sftpguy
  chown -R sftpguy:sftpguy /usr/local/jail/home/sftpguy

- That's it
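
A quick consistency check for the setup above, as an added example that is not part of the original page or of rssh: it confirms that a user's passwd entry uses rssh, that allowsftp is uncommented, and that the home directory sits inside chrootpath. The function name check_jail_user and the script name check_jail.sh are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original page): check that one account matches
# the rssh jail setup described above. Prints each problem found and returns
# 0 only when there are none. File paths are arguments so copies can be tested.
check_jail_user() {
    passwd_file=$1 conf=$2 user=$3 problems=0

    # Home directory is passwd field 6, login shell is field 7.
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7 }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "no passwd entry for $user"
        return 1
    fi
    home=${entry%%:*}
    shell=${entry#*:}

    # Without rssh as the login shell the account is not restricted at all.
    case $shell in
        */rssh) ;;
        *) echo "shell is $shell, not rssh"; problems=$((problems + 1)) ;;
    esac

    # allowsftp must be present and uncommented.
    if ! grep -Eq '^[[:space:]]*allowsftp[[:space:]]*$' "$conf"; then
        echo "allowsftp is not enabled in $conf"; problems=$((problems + 1))
    fi

    # Uncommented chrootpath value; if repeated, the last one is used here
    # (an assumption of this example). Quotes and a trailing slash are dropped.
    jail=$(sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*chrootpath[[:space:]]*=[[:space:]]*//p' "$conf" |
        tail -n 1 | tr -d '"')
    jail=${jail%/}
    if [ -z "$jail" ]; then
        echo "chrootpath is not set in $conf"; problems=$((problems + 1))
    else
        # The home must sit inside the jail, not merely share a prefix.
        case $home in
            "$jail"/*) ;;
            *) echo "home $home is outside $jail"; problems=$((problems + 1)) ;;
        esac
    fi
    [ "$problems" -eq 0 ]
}

# Run as: sh check_jail.sh /etc/passwd /etc/rssh.conf sftpguy
if [ "$#" -eq 3 ]; then check_jail_user "$@"; fi
```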

Copyright © 2008, dave - Code on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License.