• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL : How to set up chroot jail SFTP

by admin

chrooting sftp is a feature provided by the OpenSSH package in Linux. You can set up a chroot environment to avoid unwanted alterations of the system including uploads in unwanted locations when users are making use of sftp. When you chroot sftp for a specific user or all the users, the users can only access their home directories and subdirectories under it.

Method 1 (by openssh natively)

Starting from openssh-5.x version, sftp could chroot to specific directory. The following steps could implement the native openssh chroot for sftp.

1. Create the jail directory.

# mkdir /chroot/home

2. Mount it to /home as follows:

# mount -o bind /home /chroot/home

3. Edit /etc/ssh/sshd_config as follows:

# vi /etc/ssh/sshd_config
ChrootDirectory /chroot
Subsystem sftp internal-sftp

4. restart the sshd service:

# service sshd restart
Note: Please ensure the jail directory should be root owned and could not writable by any other user or group.

Method 2 (by using pam_chroot)

1. Add chroot into /etc/pam.d/sshd file:

# vi /etc/pam.d/sshd
session required pam_chroot.so

2. Modify /etc/security/chroot.conf to include the chroot directory.

# vi /etc/security/chroot.conf
user /chroot_dir

3. Modify /etc/ssh/ssh_config

# vi /etc/ssh/ssh_config
Subsystem sftp /usr/libexec/openssh/sftp-server

4. Restart sshd to apply new configuration:

# service sshd restart

Filed Under: Linux

Some more articles you might also be interested in …

  1. CentOS / RHEL 6 : How to disable telnet service
  2. lastlog Command Examples in Linux
  3. How to Convert a Directory to Partition in Linux
  4. Image optimization with webp
  5. CentOS / RHEL : How to create and host yum repository over httpd
  6. Understanding DNS zone files
  7. ClusterSSH(cssh) – Manage Multiple SSH Sessions on Linux
  8. 6 Useful journalctl Command Examples in CentOS / RHEL 7 (Cheat Sheet)
  9. How to find which specific ethernet device corresponds to a specific port on a multi-interface network card in CentOS/RHEL
  10. How to calculate recommended value of vm.min_free_kbytes Kernel Tuning Parameter

You May Also Like

Primary Sidebar

Recent Posts

  • JavaFX ComboBox: Set a value to the combo box
  • Nginx load balancing
  • nginx 504 gateway time-out
  • Images preview with ngx_http_image_filter_module

© 2022 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright