Openssh Sftp Chroot

| 01-05-2021
[RAND-1-100] Comments



Using OpenSSH you can bind SSH, SFTP, SCP users to their home directory and restrict them to access other directories on the SSH server. In this article we will configure SCP on chroot ssh jail in the secure chroot ssh environment.

  1. Openssh Sftp Chroot Windows
  2. Openssh Sftp Chroot


Topic

Ssh sftp chroot permission denied
  • In your sshd config file, and restart sshd. If you are just doing sftp, then you don't have to do anything more. Unfortunately, this doesn't work for scp. For interactive shell, you will need to copy binaries, and /dev nodes into the chroot.
  • Parameter ChrootDirectory in /etc/ssh/sshdconfig allows the specification of a chroot target directory which will then be used for all ssh and sftp sessions to this server. The target directory definition can utilize the%u and%h tokens to customize the target directory based on the username or the users home directory.

Using OpenSSH you can bind SSH or SFTP users to their home directory and restrict them to access other directories on the SSH server. In this article we will demonstrate Chroot SSH Configuration on Linux RHEL CentOS for selected ssh users or group. SSH, SFTP, and SCP users connecting to the chroot environment on the IBM i will fail because the operating system is unable to find the '/QSYS.LIB' path in the new chroot directory. Set the LOCALE path to.NONE,.C, or.POSIX in the user profile to avoid this restriction. More information regarding the chroot script.

  • How to configure chroot scp on CentOS 7?
  • How to configure chroot scp on RHEL 7?
  • Chroot scp configuration on Linux
  • Chroot scp server
  • scp chroot jail
  • scp over chroot ssh

Solution

Setting up a secure or chroot ssh and scp environment requires a sandox environment which has its own libraries and binaries. In this article, we’ll bind all ssh and scp users who are part of chrootssh group into /data/chroot-ssh directory. This article has been tested on CentOS 7 and RHEL 7. You can refer to the steps given in this article to configure chroot ssh and scp on other Linux distributions.

  1. In order to setup SCP on chroot ssh jail, the prerequisite is to setup chroot SSH environment – click here.
  1. After chroot ssh environment setup is completed, execute following set of commands to get scp command working in chroot ssh sandbox environment.
  1. Remove all contents from /data/chroot-ssh/lib64 directory.

Openssh Sftp Chroot Windows

  1. Mount /lib64 directory at /data/chroot-ssh/lib64 directory with mount bind option.
  1. Copy scp binary to /data/chroot-ssh/bin/ directory.

Openssh Sftp Chroot

  1. Create a passwd and group file in /data/chroot-ssh/etc directory and then copy the specific ssh user and group information to passwd and group file in /data/chroot-ssh/etc directory.
  1. Now restart sshd service then test scp file transfer from the client system.

Testing

Sftp

Execute the following command for ssh login and scp file transfer testing.


Openssh

If you have enjoyed the above article, the following are add on articles related to SCP on chroot ssh jail: