Linux chroot, jail or isolate SFTP user to a directory – Debian/Ubuntu – How-to

I’m assuming you are logged in as root.

The directory you assign to ChrootDirectory, and all of its parent directories, MUST be owned by root and assigned the group root. Otherwise SFTP clients will not be able to connect, access, upload or modify files and directories.

Install OpenSSH Server

apt-get install openssh-server -y

Create the user to chroot

adduser USERNAME

Edit SSH Server config

nano +77 /etc/ssh/sshd_config

Comment out the existing Subsystem line & add the internal-sftp one

# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

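Chroot USERNAME to directory /var/www/html
Add to bottom of config & save file. The Match line limits these settings to USERNAME; without a Match line they apply to every account that logs in over SSH, root included.

### Custom ###
Match User USERNAME
ChrootDirectory /var/www/html
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp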
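
Before restarting, the ownership requirement stated at the top of this page can be checked for /var/www/html and each of its parents. The script below is an added example, not part of the original how-to: it tests that every directory is owned by the expected uid (0 by default) and has no group or other write bit, as sshd_config(5) requires of a chroot path. It assumes GNU stat; the function names and the OWNER_UID and TOP arguments are hypothetical conveniences, not sshd options.

```shell
#!/bin/sh
# Added example. Function names, OWNER_UID and TOP are hypothetical helpers.
# Assumes GNU stat (Debian/Ubuntu).

# check_component DIR OWNER_UID
# Succeeds if DIR is a directory owned by OWNER_UID with no group/other write bit.
check_component() {
    dir=$1
    want_uid=$2
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    uid=$(stat -L -c %u "$dir")    # -L: judge the target of a symlink
    mode=$(stat -L -c %a "$dir")   # octal permissions, e.g. 755
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or other-writable"
        return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot_path PATH [OWNER_UID] [TOP]
# Checks PATH and every parent up to TOP (default /). OWNER_UID defaults to 0.
check_chroot_path() {
    path=$1
    want=${2:-0}
    top=${3:-/}
    rc=0
    case $path in
        /*) ;;
        *) echo "FAIL $path: need an absolute path"; return 2 ;;
    esac
    while :; do
        check_component "$path" "$want" || rc=1
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname "$path")
    done
    return $rc
}

# Run against the path given on the command line, e.g. /var/www/html
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

Saved under any file name and run with /var/www/html as its argument, it prints one line per directory; a FAIL line names the directory whose owner or mode needs correcting.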

Restart SSH Server

service ssh restart
