
Linux chroot, jail or isolate SFTP user to a directory – Debian/Ubuntu – How-to

I’m assuming you are logged in as root.

!IMPORTANT!
The directory you assign to ChrootDirectory, and each of its parent directories, MUST be owned by root and assigned the group root. Otherwise SFTP clients will not be able to connect, access, upload or modify files and directories.

Install OpenSSH Server

apt-get install openssh-server -y

Create the user to chroot

adduser USERNAME
passwd USERNAME

Edit SSH Server config

nano +77 /etc/ssh/sshd_config

Comment out the existing Subsystem line & add the internal-sftp one

# Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

Chroot USERNAME to directory /var/www/html
Add to bottom of config & save file.

### Custom ###
Match User USERNAME
ChrootDirectory /var/www/html
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Restart SSH Server

service ssh restart
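
A pre-flight check for the steps above, as an added example that is not part of the original how-to: sshd refuses the chroot unless every component of the ChrootDirectory path is root-owned and not writable by group or others, so this script walks the path up to /, also checks for group root as the IMPORTANT note asks, and then runs sshd -t to validate the config before the restart. The function names perm_ok and check_chroot_path are made up for this example, and it assumes GNU stat and readlink as shipped on Debian/Ubuntu.

```sh
#!/bin/sh
# Added example: audit a ChrootDirectory path, then validate sshd_config.
# perm_ok / check_chroot_path are illustrative names, not OpenSSH tools.

# perm_ok UID GID MODE -> 0 if a path component is acceptable.
# Acceptable: owner root, group root (as the IMPORTANT note asks) and
# no write bit for group or others (octal mask 022).
perm_ok() {
    [ "$1" = "0" ] || return 1
    [ "$2" = "0" ] || return 1
    [ $(( 0$3 & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR -> prints every offending component from DIR up
# to /, returns 1 if there is at least one.
check_chroot_path() {
    dir=$(readlink -f -- "$1") || return 1
    [ -d "$dir" ] || { echo "not a directory: $1"; return 1; }
    bad=0
    while :; do
        # GNU stat: numeric uid, numeric gid, octal mode (e.g. 755).
        set -- $(stat -c '%u %g %a' -- "$dir")
        if ! perm_ok "$1" "$2" "$3"; then
            echo "BAD  $dir (uid=$1 gid=$2 mode=$3)"
            bad=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname -- "$dir")
    done
    return "$bad"
}

# Run as root with the chroot path as argument, e.g. /var/www/html.
# sshd -t only parses the configuration; it does not restart anything.
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1" && sshd -t && echo "OK: safe to restart ssh"
fi
```

Any line starting with BAD names a directory to fix with chown root:root and chmod 755 before restarting the SSH server.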