The Geek Diary

How to setup a chroot ssh/sftp in Solaris 10

by admin

The ChrootDirectory parameter in /etc/ssh/sshd_config specifies a chroot target directory that is then used for all ssh and sftp sessions to this server. The target directory definition can use the %u and %h tokens to customize the target directory based on the username or the user's home directory. Below are various scenarios and their configuration steps.

Case 1 : One common chroot directory for all users

In this example we will configure one target directory which will be used for all users. This is the simplest setup. We will use the directory /export/home/chroot in this example.

1. Create the chroot area by using the ftpconfig command:

# ftpconfig -d /export/home/chroot
Creating directory /export/home/chroot
Updating directory /export/home/chroot

2. Create the user and assign a password:

# useradd -d /export/home/chroot testuser
# passwd testuser
New Password:
Re-enter new Password:
passwd: password successfully changed for testuser

3. Add the following chroot option to the file /etc/ssh/sshd_config:

# vi /etc/ssh/sshd_config
ChrootDirectory /export/home/chroot

4. Restart the ssh service to activate the configuration changes:

# svcadm restart ssh

Case 2 : One common chroot directory for all users, but each user has its own home directory inside this area

In this example we will configure one target directory which will be used for chroot but each user has its own home directory inside this area. After a login the user will find himself inside the home directory but can still navigate inside the entire chroot area. The user is therefore not restricted to his own home directory. We will use /export/home/chroot as the common chroot directory.

1. Create the chroot area by using the ftpconfig command:

# ftpconfig -d /export/home/chroot
Creating directory /export/home/chroot
Updating directory /export/home/chroot

2. Create the user with its own home directory inside the chroot area and assign a password to the user:

# useradd -d /export/home/chroot/testuser -m testuser
# passwd testuser
New Password:
Re-enter new Password:
passwd: password successfully changed for testuser

3. Change the user's home directory to make it valid and relative inside the chroot area. In this example it would be /testuser:

# usermod -d /testuser testuser

4. Add the following chroot option to the file /etc/ssh/sshd_config:

# vi /etc/ssh/sshd_config
ChrootDirectory /export/home/chroot

5. Restart the ssh service to activate the configuration change:

# svcadm restart ssh

Case 3 : Each user has a separate chroot environment

In this example we will set up an individual chroot area for each user. Please note that this needs more disk space than the first two options, as each area needs to be populated with a few required files. We will set up the user home directories under /export/home/chroot, where each user will have its own fully populated environment.

1. Create the target chroot environment by using the ftpconfig command:

# mkdir /export/home/chroot
# ftpconfig -d /export/home/chroot/testuser
Creating directory /export/home/chroot/testuser
Updating directory /export/home/chroot/testuser

2. Create the user and assign a password:

# useradd -d /export/home/chroot/testuser testuser
# passwd testuser
New Password:
Re-enter new Password:
passwd: password successfully changed for testuser

3. Add the following chroot configuration line to the file /etc/ssh/sshd_config:

# vi /etc/ssh/sshd_config
ChrootDirectory %h

4. Restart the ssh service to activate the configuration change:

# svcadm restart ssh

Note: You can also use the target directory /export/home/chroot/%u in the ChrootDirectory definition above.
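Before restarting ssh in any of the three cases, it is worth checking the ownership and permissions of the directory that ChrootDirectory resolves to. The script below is an added example, not part of the original article: it expands the %u and %h tokens and then walks the path up to /, assuming that sshd applies the usual rule that the chroot directory and all of its parents must be root-owned directories that are not writable by group or others. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. POSIX sh syntax.
# Assumption: sshd rejects a ChrootDirectory unless the directory and every
# parent up to / is a directory owned by uid 0 and not group/world-writable.

# expand_chroot PATTERN USER HOME: substitute the %u and %h tokens.
expand_chroot() {
    printf '%s\n' "$1" | sed -e "s|%u|$2|g" -e "s|%h|$3|g"
}

# component_ok MODE UID: MODE and UID are fields 1 and 3 of `ls -ldn`.
component_ok() {
    case "$1" in
        d?????????*) ;;                  # a real directory, not a symlink or file
        *) return 1 ;;
    esac
    case "$1" in
        ?????w*|????????w*) return 1 ;;  # group- or world-writable
    esac
    [ "$2" = "0" ]                       # owned by root
}

# audit_chroot PATH: check PATH and each parent; print every failing component.
audit_chroot() {
    p=$1
    rc=0
    case "$p" in
        /*) ;;
        *) echo "not an absolute path: $p" >&2; return 2 ;;
    esac
    while :; do
        info=$(ls -ldn "$p" 2>/dev/null | awk '{print $1, $3}')
        if [ -z "$info" ]; then
            echo "MISSING $p"
            return 1
        fi
        component_ok "${info% *}" "${info#* }" || { echo "FAIL $info $p"; rc=1; }
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Optional: audit the path given as the first argument, e.g. the Case 3 value
#   audit_chroot "$(expand_chroot %h testuser /export/home/chroot/testuser)"
if [ -n "${1:-}" ]; then audit_chroot "$1"; fi
```

On Solaris 10, run it with /usr/xpg4/bin/sh or ksh, because the legacy /bin/sh does not accept the $( ) syntax. A FAIL line shows the mode and uid of the component that would need to be corrected.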