Monthly Archives: August 2013

Setup Chroot SFTP in Ubuntu Linux

Chroot confines the user to his login / home directory when logging in. This is not the default behavior: in the default SFTP setup, a user can cd anywhere on the system!

1. Create a new group

2. Create users who want to SFTP

3. Modify the /etc/ssh/sshd_config file and comment out the following line:

4. Add the following line directly below the line you have commented out:

5. Add the following lines at the end of /etc/ssh/sshd_config:

6. Users start in the /var/www directory; this directory should be owned by root (see below) with chmod 755:

7. Create a new directory with the same name as the username you just added:

8. Make sure that this new directory is also owned by root (see below):

9. Create a subfolder below /var/www/guestuser, for example www, and set the user ownership to guestuser and the group ownership to www-data. Set the access rights to 2755 (2 = set group id, 7 = rwx for the owner guestuser, 5 = rx for the group www-data, 5 = rx for world, which includes the Apache www-data user):

10. Restart the ssh server:

If the directories do not have the correct ownership, a message will appear in /var/log/auth.log:
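The procedure above as one script fragment, added here as an example rather than the post's own commands: it renders the sshd_config Match block (the directive names are the standard OpenSSH ones; the group name sftponly and the /var/www root are assumptions) and checks a directory against the ownership rules sshd enforces for ChrootDirectory, which is what the auth.log message in the last step reports.

```bash
#!/bin/sh
# Added example, not the original post's commands. Assumptions: the SFTP group
# is called "sftponly" and the chroot parent directory is /var/www.

# Print the sshd_config fragment for a chrooted SFTP group.
# $1 = group name, $2 = chroot parent directory (each user gets $2/<username>)
sftp_match_block() {
    group="$1"; root="$2"
    printf 'Subsystem sftp internal-sftp\n\n'
    printf 'Match Group %s\n' "$group"
    # %u is expanded by sshd to the login name, so /var/www/guestuser for guestuser
    printf '    ChrootDirectory %s/%%u\n' "$root"
    printf '    ForceCommand internal-sftp\n'
    printf '    AllowTcpForwarding no\n'
    printf '    X11Forwarding no\n'
}

# Pure check of sshd's ChrootDirectory rules: every component of the chroot
# path must be owned by root (uid 0) and must not be writable by group or others.
# $1 = numeric owner uid, $2 = octal mode such as 755 or 2755. Returns 0 if OK.
chroot_perms_ok() {
    uid="$1"; mode="$2"
    [ "$uid" -eq 0 ] || return 1
    # 022 masks the group-write and other-write bits; a leading 0 makes the
    # mode an octal constant in shell arithmetic
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Wrapper that reads owner and mode from the filesystem (GNU stat assumed) and
# reports the same condition sshd would complain about in /var/log/auth.log.
check_chroot_dir() {
    dir="$1"
    set -- $(stat -c '%u %a' "$dir") || return 1
    if chroot_perms_ok "$1" "$2"; then
        echo "$dir: OK (owner uid $1, mode $2)"
    else
        echo "$dir: BAD chroot component (owner uid $1, mode $2); must be root:root and not group/world writable" >&2
        return 1
    fi
}

# Stand-alone usage: print the config block, then check the two directories
# from the post (the writable www subfolder is deliberately NOT a chroot
# component, so it is not checked here).
sftp_match_block sftponly /var/www
check_chroot_dir /var/www
check_chroot_dir /var/www/guestuser
```

Run check_chroot_dir against each directory between / and the user's chroot before restarting sshd; a failure there is the same condition that produces the auth.log message above.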
