Home / Software / Keep SSH users in their home directories

Keep SSH users in their home directories

OpenSSH stuff
Since 2008, OpenSSH now has a feature that allows Linux system administrators to keep web hosting clients and other users out of system directories like /etc /bin /var, and others. In the past, admins had to rely on other packages, such as rssh.

The process is called chroot, which essentially creates a virtual file system within the larger Linux file system, limiting individual users to their own small section of the server. They might have an /etc directory, but it will a special one only for that user and not the same as the larger system’s /etc directory. Now, OpenSSH has a configuration option called ChrootDirectory.Now, OpenSSH has a configuration option called ChrootDirectory.

In /etc/ssh/sshd_config :

You need to configure OpenSSH to use its internal SFTP subsystem.
Subsystem sftp internal-sftp
Then, I configured chroot()ing in a match rule.
Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Read the rest at the Debian Administration website. You can also read the configuration manual simply by typing man sshd_config from the command line.

Source: Debian Administration
Photo: Flickr

Check Also


Importance of web hosting to business

The world of business is very ruthless and unfair in some cases. It is a …