Monthly Archive: June 2016

Linux sftp user jailed into home directory

  • Check the OpenSSH version (it should be newer than 4.8)
ssh -V
  • Back up and edit the ssh configuration file
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak.20160606
vim /etc/ssh/sshd_config
  • Comment out the existing 'Subsystem' line and add the internal-sftp line:
#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
  • Add these lines at the bottom of the configuration file
Match Group cardftp
       ChrootDirectory %h
       ForceCommand internal-sftp
       AllowTcpForwarding no
  • Restart sshd service:
service sshd restart
  • Create group
groupadd cardftp
  • Create user
useradd -g cardftp -d /ftp/card -s /bin/false cardftp
  • Correct the directory ownership and permissions
chown root:cardftp /ftp/
chown root:cardftp /ftp/card/
chmod 755 /ftp
chmod 755 /ftp/card
  • Set a password for your sftp user
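
Added example (not part of the original post): sshd refuses the sftp login with a "bad ownership or modes for chroot directory" error unless every component of the ChrootDirectory path is owned by root and not writable by group or others, which is what the chown/chmod steps above set up. This script checks that for a path such as /ftp/card; the function names are made up for this example and it assumes GNU stat.

```shell
#!/bin/sh
# Pre-flight check for an sshd ChrootDirectory (example code, GNU stat assumed).

# mode_is_safe MODE -> 0 if an octal mode such as 755 has no group/other write bit
mode_is_safe() {
    m=$(( 0$1 ))                      # leading 0 makes the shell read it as octal
    [ $(( m & 022 )) -eq 0 ]
}

# check_component DIR [UID] -> 0 if DIR is owned by UID (default 0 = root)
# and is not writable by group or others; 1 on a violation; 2 if stat fails
check_component() {
    dir=$1
    want_uid=${2:-0}
    info=$(stat -c '%u %a' "$dir") || return 2
    owner=${info% *}
    perm=${info#* }
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $owner, expected $want_uid"
        return 1
    fi
    if ! mode_is_safe "$perm"; then
        echo "FAIL $dir: mode $perm is writable by group or others"
        return 1
    fi
    echo "ok   $dir (uid $owner, mode $perm)"
}

# check_chroot_path DIR [UID] -> checks DIR and every parent directory up to /
check_chroot_path() {
    p=$(cd "$1" && pwd -P) || return 2
    rc=0
    while :; do
        check_component "$p" "${2:-0}" || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /ftp/card
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Running sshd -t as root before restarting the service also catches syntax errors in the edited sshd_config.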