Chroot SFTP? How to limit users only to their home folder and sub folder

Post Reply
tienloc1
Posts: 27
Joined: Sun Aug 08, 2021 9:58 pm

I'm not sure if it's a part of FTP or not.

I have been given access to SSH Access(bash) to my user and I want to restrain the user's login to their own home folder/sub folder. They can't allow to cd to home or higher.

I tried to use this cmd:
chmod o-x /home/*
But it only works if they access like normal FTP with File Zilla, if they tried to use the Bitvise SSH tool, they can freely go to the home directory and higher.

I hope to receive some hints, thank you.
User avatar
myVesta
Site Admin
Posts: 928
Joined: Fri Jun 19, 2020 9:59 am
Has thanked: 8 times
Been thanked: 6 times

Limiting user to SFTP (blocking SSH), allowing only homedir:

Code: Select all

vi /etc/ssh/sshd_config
# Comment line:

Code: Select all

Subsystem sftp /usr/lib/openssh/sftp-server
# so it will be:

Code: Select all

# Subsystem sftp /usr/lib/openssh/sftp-server
On the end of file add:

Code: Select all

####
Subsystem sftp internal-sftp
Match Group sftp-only
ChrootDirectory /chroot/%u
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp
####
# then in SSH run

Code: Select all

service sshd restart
groupadd sftp-only
# then in SSH paste

Code: Select all

user=example_user # here enter user you want to chroot

home=/home/$user
if [ ! -d "$home" ]; then
    mkdir -p /chroot/$user/$home
    chmod 750 /chroot/$user
    chmod 775 /chroot/$user/$home
    chown root:sftp-only /chroot/$user
    chown $user:sftp-only /chroot/$user/$home

    usermod -a -G sftp-only $user

    mount -o bind $home /chroot/$user/$home/
fi
tienloc1
Posts: 27
Joined: Sun Aug 08, 2021 9:58 pm

Thank you so much for your quick guide with the full details.
dmmdcc13
Posts: 3
Joined: Sun Apr 23, 2023 8:43 pm

I feel like I am missing something here. I have purchased the plugin and installed the license key.

I don't every receive the License activated prompt?

At any rate i have tried running the chroot commands listed here but when I login with a user with SFTP they can access all directories on the server (with the exception of the other user directory's setup) please advise.

Thank you in advance.
Post Reply