
Chroot SFTP

cpx July 10, 2012 1 min read SSH/22

1. Create the sftp init script – /etc/init.d/sftpfoo

Code:
#!/bin/bash
#
# chkconfig: 35 60 25
# description: OpenSSH chrooted sftp only daemon
#
# Note that /usr/sbin/sftpfoo is simply a symlink to /usr/sbin/sshd.
# sshd re-executes itself via argv[0] for every new connection, so the
# name passed with "exec -a" below has to exist on disk, hence the symlink.
#

pidfile='/var/run/sftpfoo.pid'

start() {
    # Run sshd under the name sftpfoo with the sftp-only configuration;
    # sshd daemonises itself and writes ${pidfile}.
    exec -a /usr/sbin/sftpfoo /usr/sbin/sshd -f /etc/ssh/sftpfoo_config
}

stop() {
    # SIGTERM lets sshd shut down cleanly and remove its pid file.
    kill $(cat "${pidfile}")
}

case "${1}" in

start  ) start
         ;;
stop   ) stop
         ;;
restart) stop
         sleep 3
         start
         ;;
*      ) echo "Usage: ${0} (start|stop|restart)"
         ;;

esac

exit 0

2. Register it with chkconfig(8) and set up the symlink you’ll need when the service starts.

Code:
# chkconfig --add sftpfoo
# ln -s /usr/sbin/sshd /usr/sbin/sftpfoo

3. Create your sftp config file – /etc/ssh/sftpfoo_config

Code:
Port 8822
Protocol 2
AddressFamily inet

SyslogFacility AUTHPRIV
LogLevel INFO

PermitRootLogin no

RSAAuthentication no
PubkeyAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no

UsePAM no

PidFile /var/run/sftpfoo.pid

ChrootDirectory /home/chrooted
Subsystem sftp internal-sftp

4. Create your first sftp-only user

Code:
# useradd -d /nowhere -M -s /sbin/nologin baruser

5. Create the chroot directory

Code:
# mkdir -p /home/chrooted && chmod 755 /home/chrooted

6. Start the sftp service

Code:
# service sftpfoo start