include sftp jail

## 1. Create the sftp group and put desired user to that group.

```bash
$ sudo groupadd sftp
$ sudo usermod -g sftp yournewuser
```

## 2. Update the SSH settings

`$ sudo nano /etc/ssh/sshd_config`

Change the `/etc/ssh/sshd_config`
```
# override default of no subsystems
#Subsystem      sftp    /usr/lib/openssh/sftp-server
# 👇
Subsystem sftp internal-sftp
```

Add this to the end of the `/etc/ssh/sshd_config`
```
Match group sftp
        X11Forwarding no
        ChrootDirectory %h
        AllowTcpForwarding no
        ForceCommand internal-sftp
```

## 3. Check the permissions
⚠️ All directories up to the user root must be owned by root with permissions 755
```bash
$ sudo chown root: /var/www/vhosts/USERSHOME
$ sudo chmod 755 /var/www/vhosts/USERSHOME
```

## 4. Restart SSH
`$ sudo service ssh restart`

## 5. Optional
To disable the bash entirely for this user, you can run `$ sudo usermod -s /bin/false USER`

Reference: https://shapeshed.com/chroot-sftp-users-on-ubuntu-intrepid/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

include sftp jail #16

1. Create the sftp group and put desired user to that group.

2. Update the SSH settings

3. Check the permissions

4. Restart SSH

5. Optional

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

include sftp jail #16

Description

1. Create the sftp group and put desired user to that group.

2. Update the SSH settings

3. Check the permissions

4. Restart SSH

5. Optional

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions