12 February 2018

LINUX - Restrict sftp user to home directory

In some cases, you need to restrict SFTP users (connecting with FileZilla or WinSCP) to their respective home directories. This is how you do it.

# useradd cent
# passwd cent
-- set password

# groupadd sftp_users
# usermod -G sftp_users cent

# vi /etc/ssh/sshd_config
-- line 147: comment out the line below
#Subsystem sftp /usr/libexec/openssh/sftp-server

-- add the following just after the above line
Subsystem sftp internal-sftp

-- add the following to the end
Match Group sftp_users
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /home
  ForceCommand internal-sftp

-- Save the file

# systemctl restart sshd


Try to access using your favourite Windows SFTP client or the sftp command line:

# sftp cent@localhost
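
The shell functions below are an added example, not part of the original post. sshd refuses a chroot session unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, and with ChrootDirectory /home the session root is /home itself, so sibling home directories are protected only by their own permissions. The function names are hypothetical, and GNU stat and find (as shipped on CentOS) are assumed.

```shell
#!/bin/sh
# Added example: checks for the "ChrootDirectory /home" setup above.

# dir_is_safe DIR [OWNER_UID]
# True if DIR is a directory owned by OWNER_UID (default 0 = root) and not
# writable by group or others, which sshd demands of each chroot path component.
dir_is_safe() {
    [ -d "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "${2:-0}" ] || return 1
    [ -z "$(find "$1" -maxdepth 0 -perm /022)" ]
}

# check_chroot_path DIR [OWNER_UID]
# Walk from DIR up to / and fail on the first unsafe component.
check_chroot_path() {
    case $1 in
        /*) p=$1 ;;
        *)  echo "absolute path required: $1" >&2; return 2 ;;
    esac
    while :; do
        dir_is_safe "$p" "${2:-0}" || { echo "unsafe: $p" >&2; return 1; }
        [ "$p" = "/" ] && return 0
        p=$(dirname "$p")
    done
}

# exposed_homes CHROOT
# Print directories directly under CHROOT that group or others can list or
# enter; inside a shared chroot every sftp_users member can reach these.
exposed_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /055
}
```

Run `check_chroot_path /home` and `exposed_homes /home` as root after editing sshd_config, and validate the file with `sshd -t` before restarting the service. Any directory printed by `exposed_homes` can be tightened with `chmod 700`.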
