How to Restrict SFTP Users to Home Directories Using chroot Jail

Create or Modify Users and Groups

Let us restrict the existing user, for example asifnew, to his/her home directory named /home/asifnew. For this, you need to create a new sftpgroup group using groupadd command as shown:

# groupadd sftpgroup

You can also create a new user using useradd command, for example asifnew and assign the user to sftpusers group.

# adduser asifnew -g sftpgroup -s /sbin/nologin
# passwd asifnew

Next, assign the user ‘asifnew’ to sftpgroup group.

# usermod -G sftpgroup asifnew

Modify SSH Configuration File

Open and add the following lines to /etc/ssh/sshd_config configuration file.

Subsystem sftp internal-sftp
   Match Group sftpgroup
   ChrootDirectory /data/
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no

Save and exit the file, restart sshd service to take new changes into effect.

# service sshd restart

 2,908 total views,  3 views today


So empty here ... leave a comment!

Leave a Reply

Your email address will not be published. Required fields are marked *