Chroot environment setup

From Wurst-Wasser.net
Setting up a chroot environment:

Add this to <code>/etc/ssh/sshd_config</code>:

 #Subsystem sftp /usr/lib/openssh/sftp-server
 Subsystem sftp internal-sftp
 # Heiko was here and did https://linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/
 Match Group filetransfer
     ChrootDirectory %h
     X11Forwarding no
     AllowTcpForwarding no
     ForceCommand internal-sftp

Restart sshd:
 service ssh restart
or
 systemctl restart sshd.service

Add a new group:
 addgroup --system filetransfer

For each chrooted user:
 # -G without -a replaces the user's supplementary groups with filetransfer only
 usermod -G filetransfer username
 # sshd requires the chroot directory to be root-owned and not group/world-writable
 chown root:root /home/username
 chmod 755 /home/username
 cd /home/username
 # the user cannot write to the root-owned home, so give them a writable subdirectory
 mkdir tmp
 chown username:filetransfer tmp
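
A pre-flight check for the per-user steps above, as an added example (not part of the original page): sshd refuses a <code>ChrootDirectory</code> unless every component of its path is root-owned and not writable by group or others, which is what the <code>chown root:root</code> and <code>chmod 755</code> steps establish. The function names are hypothetical, and GNU <code>stat</code> and <code>readlink</code> (as on Debian/Raspberry Pi OS) are assumed.

```shell
#!/bin/sh
# Added example: verify that a directory is usable as an sshd ChrootDirectory.
# Assumes GNU coreutils (stat -c, readlink -f).

# Succeeds only if one path component is acceptable to sshd:
# owned by uid 0 and not writable by group or others.
chroot_component_ok() {   # $1 = owner uid, $2 = octal mode (e.g. 755)
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1
    return 0
}

# Walks from the chroot directory up to /, printing each component's status.
# Returns 0 if the whole path passes, 1 if any component would be rejected.
check_chroot_path() {
    p=$(readlink -f -- "$1") || return 1
    rc=0
    while :; do
        if [ ! -d "$p" ]; then
            echo "BAD  $p (not a directory)"; rc=1
        else
            # Reuse the positional parameters for "uid mode" of this component.
            set -- $(stat -c '%u %a' -- "$p")
            if chroot_component_ok "$1" "$2"; then
                echo "ok   $p (uid=$1 mode=$2)"
            else
                echo "BAD  $p (uid=$1 mode=$2)"; rc=1
            fi
        fi
        [ "$p" = "/" ] && break
        p=$(dirname -- "$p")
    done
    return $rc
}
```

Source the file and run <code>check_chroot_path /home/username</code> after the chown/chmod steps; any line marked BAD names a directory that sshd will reject at login.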
----
* Links
** https://linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/


[[Category:RaspberryPi]]

Latest revision as of 11:06, 6 September 2023
