Wednesday 27 June 2012

SFTP Chroot Jailing - Restricting users to their individual home directories

Secure FTP Chroot jailing 
In this article, I explain how to enable chroot jailing for SFTP, so that SFTP users can view and edit files only within their home directories. By default, SFTP users have shell access, can reach other users' home directories, and can also browse the directories under /. Let us see how to restrict SFTP users to their home directories.



Step 1: Create the chroot directory to secure /home



#mkdir -p /chroot/home



Step 2: Bind-mount /home onto /chroot/home

#mount -o bind /home /chroot/home 

Step 3: Edit the sshd configuration file (this setting is global, not per user, and the chroot directory and its parent directories must be owned by root and not writable by any other user or group)

#vim /etc/ssh/sshd_config

Enable this line:

   ChrootDirectory /chroot

At the end of the file, add this line:

   Subsystem sftp internal-sftp

Step 4: Now restart the service

#/etc/init.d/sshd restart

That's it. Now SFTP users can view and edit within their home directories.
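A pre-restart check for Steps 1 to 4, added here as an example and not part of the original post. The function names are hypothetical and it assumes an sshd_config without Match blocks; it covers two things that commonly break this setup: a second active `Subsystem sftp` line (many stock configs already define one) and a chroot path component that is not root-owned or is group/other-writable.

```sh
#!/bin/sh
# Added example: checks to run before restarting sshd with the chroot setup.
# Function names are hypothetical; assumes sshd_config has no Match blocks.

# Print the first active (uncommented) value of KEYWORD ($2) in FILE ($1).
# sshd keywords are case-insensitive and the first value found is used.
config_value() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" \
        'tolower($1) == k { print $2; exit }' "$1"
}

# Succeed only if FILE ($1) has exactly one active "Subsystem sftp" line and
# it selects internal-sftp; sshd refuses to start if sftp is defined twice.
check_sftp_subsystem() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { n++; cmd = $3 }
         END { exit !(n == 1 && cmd == "internal-sftp") }' "$1"
}

# Succeed if DIR ($1) is owned by uid $2 (default 0, root) and is not
# writable by group or others (columns 6 and 9 of the ls mode string).
dir_is_safe() {
    [ -d "$1" ] || return 1
    ls -ldn "$1" | awk -v uid="${2:-0}" '{
        exit !($3 == uid && substr($1, 6, 1) != "w" && substr($1, 9, 1) != "w")
    }'
}

# Check DIR ($1) and every parent up to /, because sshd applies the
# ownership and mode rule to each component of the ChrootDirectory path.
check_chroot_path() {
    case $1 in /*) p=$1 ;; *) echo "not absolute: $1" >&2; return 1 ;; esac
    while :; do
        dir_is_safe "$p" "${2:-0}" || { echo "unsafe: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# On the server, as root, before Step 4:
#   cfg=/etc/ssh/sshd_config
#   check_sftp_subsystem "$cfg" &&
#     check_chroot_path "$(config_value "$cfg" ChrootDirectory)" &&
#     sshd -t    # sshd's own syntax test of the configuration
```

If `check_sftp_subsystem` fails, comment out the distribution's original `Subsystem sftp` line so that only the `internal-sftp` definition remains.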
