
The Geek Diary

How to setup a chroot ssh/sftp in Solaris 10

By admin

The ChrootDirectory parameter in /etc/ssh/sshd_config specifies a chroot target directory which is then used for all ssh and sftp sessions to this server. The target directory definition can use the %u and %h tokens to customize the target directory based on the username or the user's home directory. Below are various scenarios and their configuration steps.

Case 1 : One common chroot directory for all users

In this example we will configure one target directory which will be used for all users. This is the simplest setup. We will use the directory /export/home/chroot in this example.

1. Create the chroot area by using the ftpconfig command:

# ftpconfig -d /export/home/chroot
Creating directory /export/home/chroot
Updating directory /export/home/chroot

2. Create the user and assign a password:

# useradd -d /export/home/chroot testuser
# passwd testuser
New Password:
Re-enter new Password:
passwd: password successfully changed for testuser

3. Add the following chroot option to the file /etc/ssh/sshd_config:

# vi /etc/ssh/sshd_config
ChrootDirectory /export/home/chroot

4. Restart the ssh service to activate the configuration changes:

# svcadm restart ssh

Case 2 : One common chroot directory for all users, but each user has its own home directory inside this area

In this example we will configure one target directory which will be used for chroot but each user has its own home directory inside this area. After a login the user will find himself inside the home directory but can still navigate inside the entire chroot area. The user is therefore not restricted to his own home directory. We will use /export/home/chroot as the common chroot directory.

1. Create the chroot area by using the ftpconfig command:

# ftpconfig -d /export/home/chroot
Creating directory /export/home/chroot
Updating directory /export/home/chroot

2. Create the user with its own home directory inside the chroot area and assign a password to the user:

# useradd -d /export/home/chroot/testuser -m testuser
# passwd testuser
New Password:
Re-enter new Password:
passwd: password successfully changed for testuser

3. Change the user's home directory so that it is valid relative to the chroot area. In this example it would be /testuser:

# usermod -d /testuser testuser

4. Add the following chroot option to the file /etc/ssh/sshd_config:

# vi /etc/ssh/sshd_config
ChrootDirectory /export/home/chroot

5. Restart the ssh service to activate the configuration change:

# svcadm restart ssh

Case 3 : Each user has a separate chroot environment

In this example we will set up an individual chroot area for each user. Please note that this needs more disk space than the first two options, as each area needs to be populated with a few required files. We will set up the user home directories under /export/home/chroot, where each user will have its own fully populated environment.

1. Create the target chroot environment by using the ftpconfig command:

# mkdir /export/home/chroot
# ftpconfig -d /export/home/chroot/testuser
Creating directory /export/home/chroot/testuser
Updating directory /export/home/chroot/testuser

2. Create the user and assign a password:

# useradd -d /export/home/chroot/testuser testuser
# passwd testuser
New Password:
Re-enter new Password:
passwd: password successfully changed for testuser

3. Add the following chroot configuration line to the file /etc/ssh/sshd_config:

# vi /etc/ssh/sshd_config
ChrootDirectory %h

4. Restart the ssh service to activate the configuration change:

# svcadm restart ssh

Note: You can also use the target directory /export/home/chroot/%u in the ChrootDirectory definition above.
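
The following pre-flight check is an added example, not part of the original article. It expands the %u and %h tokens for one user and then walks the resulting path up to /, reporting any component that is not a directory, is writable by group or other, or is not owned by root. It assumes the rule that OpenSSH-derived sshd implementations document for ChrootDirectory (every path component must be a root-owned directory not writable by any other user or group) applies to the server in use; the function names and the script name chroot_audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Needs a POSIX shell
# (ksh or /usr/xpg4/bin/sh on Solaris 10, not the legacy /bin/sh).

# expand_chroot TEMPLATE USER HOME
# Print TEMPLATE with %u replaced by USER and %h replaced by HOME.
expand_chroot() {
    tmpl=$1 out=
    while [ -n "$tmpl" ]; do
        case $tmpl in
            %u*) out=$out$2; tmpl=${tmpl#"%u"} ;;
            %h*) out=$out$3; tmpl=${tmpl#"%h"} ;;
            *)   rest=${tmpl#?}; out=$out${tmpl%"$rest"}; tmpl=$rest ;;
        esac
    done
    printf '%s\n' "$out"
}

# check_chroot_path PATH [OWNER_UID]
# Walk from PATH up to /, printing one line per component that is missing,
# not a directory, writable by group/other, or not owned by OWNER_UID
# (default 0, i.e. root). Returns 1 if anything was reported.
check_chroot_path() {
    path=$1 want=${2:-0} bad=0
    case $path in /*) ;; *) echo "$path: not an absolute path"; return 1 ;; esac
    while :; do
        # ls -ldn prints the mode string in field 1 and the numeric uid in field 3
        info=$(ls -ldn "$path" 2>/dev/null | awk '{print $1, $3}')
        mode=${info% *} uid=${info#* }
        case $mode in
            '')          echo "$path: missing"; bad=1 ;;
            d????-??-?*) [ "$uid" = "$want" ] ||
                             { echo "$path: owner uid $uid, expected $want"; bad=1; } ;;
            d*)          echo "$path: writable by group or other ($mode)"; bad=1 ;;
            *)           echo "$path: not a directory ($mode)"; bad=1 ;;
        esac
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $bad
}

# Usage: sh chroot_audit.sh TEMPLATE USER HOME
#   e.g. sh chroot_audit.sh '%h' testuser /export/home/chroot/testuser
if [ $# -eq 3 ]; then
    check_chroot_path "$(expand_chroot "$1" "$2" "$3")"
fi
```

Run it with the ChrootDirectory value from the case being configured before restarting the ssh service; no output and exit status 0 mean every component passed.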

© 2019 · The Geek Diary