Creating a chrooted sftp user
/etc/ssh/sshd_config:
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

# Example of overriding settings on a per-user basis
Match Group sftponly
    ChrootDirectory %h
    X11Forwarding no
    AllowTCPForwarding no
    ForceCommand internal-sftp
add the user and group:
groupadd sftponly
mkdir -p /home/chroot/username
useradd -d /home/chroot/username -s /sbin/nologin -G sftponly username
passwd username
updating permissions:
chmod 711 /home/chroot
chown root: /home/chroot
chmod 755 /home/chroot/username
chown root: /home/chroot/username
create directory:
/home/chroot/username/your.website.com
/etc/fstab:
/var/websites/your.website.com/www/shared /home/chroot/username/your.website.com none bind 0 0
mount -a
mount | grep /home/chroot/username
set permissions for website:
setfacl -Rm u:username:rwX /home/chroot/username/your.website.com/
setfacl -Rm d:u:username:rwX /home/chroot/username/your.website.com/
testing (server side):
tail -f /var/log/secure
testing (client side):
sftp username@ip_address