Difference between revisions of "Chroot environment setup"

From Wurst-Wasser.net
(Created page with " Category:RaspberryPi")
 
Line 1: Line 1:
 +
Setting up a chroot-environment:
  
 +
Add this to /etc/ssh/sshd_config:
  
 +
#Subsystem sftp /usr/lib/openssh/sftp-server
 +
Subsystem sftp internal-sftp
 +
 +
# Heiko was here and did https://linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/
 +
Match Group filetransfer
 +
    ChrootDirectory %h
 +
    X11Forwarding no
 +
    AllowTcpForwarding no
 +
    ForceCommand internal-sftp
  
  
 +
Restart sshd
 +
service ssh restart
  
  
 +
Add a new group
 +
addgroup --system filetransfer
 +
 +
For each chrooted user:
 +
usermod -G filetransfer username
 +
chown root:root /home/username
 +
chmod 755 /home/username
 +
 +
cd /home/username
 +
mkdir docs public_html
 +
chown username:filetransfer *
 +
 +
 +
 +
 +
----
 +
* Links
 +
** https://linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/
  
 
[[Category:RaspberryPi]]
 
[[Category:RaspberryPi]]
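
Review bot: In the "For each chrooted user" steps, `usermod -G filetransfer username` has no `-a`, so it replaces the user's existing supplementary groups with filetransfer alone; the page should say this is intended for SFTP-only accounts, or use `usermod -a -G filetransfer username` where other memberships must be kept. The `chown username:filetransfer *` line depends on the preceding `cd` having succeeded and changes ownership of everything the glob matches; naming the targets (`chown username:filetransfer docs public_html`) is safer. "Restart sshd" is also listed before `addgroup`, and running `sshd -t` ahead of the restart would catch a typo in the Match block before the daemon is bounced.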

Revision as of 22:13, 6 December 2018

Setting up a chroot-environment:

Add this to /etc/ssh/sshd_config:

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

# Heiko was here and did https://linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/
Match Group filetransfer
   ChrootDirectory %h
   X11Forwarding no
   AllowTcpForwarding no
   ForceCommand internal-sftp


Restart sshd

service ssh restart


Add a new group

addgroup --system filetransfer

For each chrooted user:

usermod -G filetransfer username
chown root:root /home/username
chmod 755 /home/username
cd /home/username
mkdir docs public_html
chown username:filetransfer *
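
The chown root:root and chmod 755 steps matter because sshd refuses a ChrootDirectory unless every component of the path is owned by root and not writable by group or others. The script below is an added example, not part of the original page: it checks that rule. The function names and sample records are assumptions made up for illustration, and chroot_records relies on GNU stat.

```sh
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Records are "uid octal-mode path", the format GNU `stat -c '%u %a %n'` prints.

# Print one record for an absolute directory and each parent up to /.
chroot_records() {
    dir=$1
    case $dir in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    while :; do
        stat -c '%u %a %n' "$dir"
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
}

# Read records on stdin; report every component sshd would refuse.
# Returns 0 when all components pass, 1 otherwise.
audit_records() {
    rc=0
    while read -r uid mode path; do
        [ -n "$path" ] || continue
        if [ "$uid" != "0" ]; then
            echo "FAIL $path: owner uid $uid is not root"
            rc=1
        fi
        # 022 = group-write (020) plus other-write (002); both must be clear.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $path: mode $mode is group- or world-writable"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample records: the home directory after the chown/chmod steps ...
GOOD='0 755 /home/username
0 755 /home
0 755 /'
# ... and a constructed failing case: user-owned home, group-writable /home.
BAD='1001 755 /home/username
0 775 /home
0 755 /'

printf '%s\n' "$GOOD" | audit_records && echo "GOOD: chroot path acceptable"
printf '%s\n' "$BAD"  | audit_records || echo "BAD: sshd would reject this chroot"

# On a real system: chroot_records /home/username | audit_records
```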