Secure FTP Chroot jailing
In this article, I explain how to enable chroot jailing for sftp, which means that sftp users can view and edit files only within their home directories. By default, sftp users have shell access, can reach other users' home directories, and can also browse the directories under /. Let us see how to restrict sftp users to their home directories.
Step 1: Creating chroot directory to secure /home
#mkdir -p /chroot/home
Step 2: Bind-mount /home onto it
#mount -o bind /home /chroot/home
Step 3: Editing the ssh configuration file (this is not a per-user configuration, and the directories must be owned by root)
#vim /etc/ssh/sshd_config
Enable this line:
ChrootDirectory /chroot
At the end of the file, add this line:
Subsystem sftp internal-sftp
Step 4: Now restart the service
#/etc/init.d/sshd restart
That's it. Now sftp users can view and edit within their home directories.
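sshd refuses to chroot a session unless every component of the ChrootDirectory path is a root-owned directory that no other user or group can write to, which is the root-permission requirement noted in Step 3. The script below is an added example, not part of the original article, that checks this for a path such as /chroot before sshd is restarted; the function names are hypothetical and it assumes a Linux system with `stat -c` and `readlink -f`.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are
# hypothetical; assumes GNU/BusyBox `stat -c` and `readlink -f` (Linux).

# component_ok UID MODE: succeed only if a directory with this owner uid and
# octal mode (as printed by `stat -c %a`) is root-owned and has no write bit
# for group or others.
component_ok() {
    uid=$1 mode=$2
    [ "$uid" -eq 0 ] || return 1
    # 022 masks the group-write and other-write bits; leading 0 = octal.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_chroot_path DIR: walk from DIR up to /, reporting every component
# that fails component_ok. Returns 0 = all good, 1 = bad component(s),
# 2 = DIR missing or not a directory.
check_chroot_path() {
    target=$(readlink -f -- "$1") || return 2
    [ -d "$target" ] || { echo "not a directory: $1" >&2; return 2; }
    rc=0
    dir=$target
    while :; do
        set -- $(stat -c '%u %a' -- "$dir")
        if ! component_ok "$1" "$2"; then
            echo "FAIL $dir (owner uid=$1, mode=$2)"
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname -- "$dir")
    done
    return $rc
}

# Run against a path when one is given, e.g.: sh check_chroot.sh /chroot
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Only the components up to and including the ChrootDirectory are subject to this rule; the user-owned home directories below /chroot/home are not.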