
The Geek Diary


CentOS / RHEL : How to set up chroot jail SFTP

By admin

Chrooting sftp is a feature provided by the OpenSSH package in Linux. You can set up a chroot environment to prevent unwanted alterations of the system, including uploads to unwanted locations, when users connect over sftp. When you chroot sftp for a specific user or for all users, those users can access only their home directories and the subdirectories under them.

Method 1 (natively with OpenSSH)

Starting with the openssh-5.x versions, sftp can chroot to a specific directory. The following steps implement the native OpenSSH chroot for sftp.

1. Create the jail directory.

# mkdir -p /chroot/home

2. Bind-mount /home onto it as follows:

# mount -o bind /home /chroot/home

3. Edit /etc/ssh/sshd_config as follows:

# vi /etc/ssh/sshd_config
ChrootDirectory /chroot
Subsystem sftp internal-sftp

4. Restart the sshd service:

# service sshd restart

Note: Ensure that the jail directory is owned by root and is not writable by any other user or group.
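
The ownership rule in the note above can be checked before restarting sshd. The function below is an added example, not part of the original article; it goes one step further than the note by also checking every parent directory, since sshd_config(5) requires all components of the ChrootDirectory path to be root-owned and not group- or other-writable. It assumes GNU stat; the OWNER_UID and STOP_AT arguments are hypothetical helpers for dry runs without root.

```sh
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat (CentOS/RHEL).
# check_chroot_path PATH [OWNER_UID] [STOP_AT]
#   Walks from PATH up to STOP_AT (default /) and reports every directory that
#   is not owned by OWNER_UID (default 0 = root) or is group/other-writable.
#   OWNER_UID and STOP_AT are hypothetical knobs for unprivileged dry runs.
check_chroot_path() {
    _dir=$1 _uid=${2:-0} _stop=${3:-/} _rc=0
    case $_dir in
        /*) ;;
        *) echo "FAIL $_dir: must be an absolute path"; return 2 ;;
    esac
    while :; do
        if [ ! -d "$_dir" ]; then
            echo "FAIL $_dir: not a directory"
            return 1
        fi
        _owner=$(stat -c %u "$_dir")
        _mode=$(stat -c %a "$_dir")
        if [ "$_owner" -ne "$_uid" ]; then
            echo "FAIL $_dir: owner uid $_owner, expected $_uid"
            _rc=1
        fi
        # 022 = group-write | other-write; the leading 0 makes the mode octal
        if [ $(( 0$_mode & 022 )) -ne 0 ]; then
            echo "FAIL $_dir: mode $_mode is group/other-writable"
            _rc=1
        fi
        if [ "$_dir" = "$_stop" ] || [ "$_dir" = / ]; then
            break
        fi
        _dir=$(dirname "$_dir")
    done
    [ "$_rc" -eq 0 ] && echo "OK: every component passes"
    return "$_rc"
}

# On the server from this article, run as: sh thisfile.sh /chroot
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

A non-zero exit status means at least one component would make sshd reject the chroot; each offending directory is listed on its own FAIL line.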

Method 2 (by using pam_chroot)

1. Add pam_chroot to the /etc/pam.d/sshd file:

# vi /etc/pam.d/sshd
session required pam_chroot.so

2. Modify /etc/security/chroot.conf to include the chroot directory.

# vi /etc/security/chroot.conf
user /chroot_dir

3. Modify /etc/ssh/sshd_config:

# vi /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server

4. Restart sshd to apply the new configuration:

# service sshd restart

Filed Under: Linux


© 2021 · The Geek Diary