12 February 2018

LINUX - Restrict sftp user to home directory

In some cases, you are required to restrict SFTP users (connecting with FileZilla or WinSCP, for example) to their respective home directories. This is how you do it.

# useradd cent
# passwd cent
-- set password

# groupadd sftp_users
# usermod -G sftp_users cent

# vi /etc/ssh/sshd_config
-- line 147: comment out the line below
#Subsystem sftp /usr/libexec/openssh/sftp-server

-- add the following just after the above line
Subsystem sftp internal-sftp

-- add the following to the end of the file
Match Group sftp_users
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /home
  ForceCommand internal-sftp

-- Save the file

# systemctl restart sshd


Try to connect using your favourite Windows SFTP client or the sftp command line:

# sftp cent@localhost
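
An added example (not from the original post): a shell function that audits sshd_config text for the settings configured above and reports whether the chroot is per-user. The function names and the sample input are constructed for illustration; with `ChrootDirectory /home` as above every member of sftp_users gets the same root, /home, while the `%h` or `%u` tokens give each user their own.

```bash
# Constructed sample input mirroring the configuration on this page.
sample_config() {
cat <<'EOF'
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftp_users
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /home
  ForceCommand internal-sftp
EOF
}

# audit_sftp_block GROUP   (hypothetical helper; reads sshd_config text on stdin)
# Prints one finding per line and returns 0 only if nothing is MISSING.
# Handles only the simple "Match Group NAME" form used on this page.
audit_sftp_block() {
  awk -v grp="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
      key = tolower($1)                          # sshd keywords are case-insensitive
      val = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
    }
    key == "subsystem" && $2 == "sftp" { subsys = $3; next }
    key == "match" { inblk = (tolower($2) == "group" && $3 == grp); next }
    inblk { seen[key] = val }                    # settings inside the matching block
    END {
      if (subsys != "internal-sftp") { print "MISSING: Subsystem sftp internal-sftp"; bad = 1 }
      want["forcecommand"] = "internal-sftp"
      want["allowtcpforwarding"] = "no"
      want["x11forwarding"] = "no"
      for (k in want)
        if (tolower(seen[k]) != want[k]) { print "MISSING: " k " " want[k]; bad = 1 }
      if (!("chrootdirectory" in seen)) { print "MISSING: chrootdirectory"; bad = 1 }
      else if (seen["chrootdirectory"] ~ /%[hu]/) { print "OK: per-user chroot " seen["chrootdirectory"] }
      else { print "NOTE: shared chroot " seen["chrootdirectory"] " (same root for every group member)" }
      exit bad + 0
    }'
}

sample_config | audit_sftp_block sftp_users
```

To audit a live server, feed it the real file: `audit_sftp_block sftp_users < /etc/ssh/sshd_config`. Running `sshd -t` checks the file's syntax before `systemctl restart sshd`.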
