  1. #1
    Just Joined!
    Join Date
    Feb 2012
    Posts
    17

    CentOS Server: Lock SSH users to /home/$user


    What is the easiest way to lock an SSH user to their home directory? I know they can't do anything outside of their directory, but it would be nice if they couldn't cd out of /home/$username$.

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    To do that, you'd need to set up a chrooted environment. You can do this with SFTP practically out of the box, as long as your OpenSSH version is >= 4.8 or so. Just google SFTP chroot jail, or some combination of that. Add CentOS to your search, to look for any distro-specific solutions.

    For SFTP, it basically entails editing of the sshd_config file, setting up a directory with the proper permissions and maybe creating users/groups. You should be able to find a guide that suits your needs, though.
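
Added example, not part of the original posts: post #2 mentions "setting up a directory with the proper permissions". For OpenSSH's ChrootDirectory that means every component of the path must be a root-owned directory that is not writable by group or others, and sshd refuses the login otherwise. A shell check for that rule, assuming GNU stat as shipped on CentOS; the function names and the sample path /home/jail are illustrative.

```shell
#!/bin/sh
# Audit a directory intended for sshd's ChrootDirectory.
# Usage after sourcing this file: check_chroot_path /home/jail   (hypothetical path)

# mode_ok UID MODE [WANT_UID]: pure check on one component's owner and octal mode.
mode_ok() {
    want_uid=${3:-0}
    [ "$1" -eq "$want_uid" ] || return 1
    # 022 = group-write | other-write; both bits must be clear
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_component DIR [WANT_UID]: stat a single directory and apply mode_ok.
check_component() {
    [ -d "$1" ] || return 1
    owner=$(stat -c '%u' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    mode_ok "$owner" "$mode" "${2:-0}"
}

# check_chroot_path PATH [WANT_UID]: walk from / down to PATH and stop at
# the first component that sshd would reject. WANT_UID defaults to 0 (root);
# it is a parameter only so the logic can be exercised without root.
check_chroot_path() {
    path=$1 want=${2:-0}
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path" >&2; return 2 ;;
    esac
    check_component / "$want" || { echo "FAIL: /" >&2; return 1; }
    # Split the path on "/" with globbing disabled, then restore the shell state.
    old_ifs=$IFS; IFS=/; set -f
    set -- $path
    set +f; IFS=$old_ifs
    cur=
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        check_component "$cur" "$want" || { echo "FAIL: $cur" >&2; return 1; }
    done
    return 0
}
```

A user's own home directory fails this check by design, which is why chroot setups usually point ChrootDirectory at a root-owned parent and give the user a writable subdirectory inside it.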

  3. #3
    Just Joined!
    Join Date
    Feb 2012
    Posts
    17
    I am having trouble finding a good working tutorial. This process seems to be extremely tedious. I've already done howtoforge.com/restricting-users-to-sftp-plus-setting-up-chrooted-ssh-sftp-debian-squeeze but it still isn't working properly.

  4. #4
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote: Originally posted by maack
    I am having trouble finding a good working tutorial. This process seems to be extremely tedious. I've already done howtoforge.com/restricting-users-to-sftp-plus-setting-up-chrooted-ssh-sftp-debian-squeeze but it still isn't working properly.
    Sorry about that. I'll try to help you. Answer these questions, if you don't mind:

    1. What is your exact Linux distro and release?

    2. Is SFTP (very much like an interactive FTP session) access sufficient, or do you want/require a "true" login environment (i.e., the ability to SSH in and get a bash shell)?

  5. #5
    Just Joined!
    Join Date
    Feb 2012
    Posts
    17
    1. CentOS x64 ver 6 latest
    2. I'm not worried about sftp, more just want to have SSH users locked to the directory. It's not required, but I host about 15~20 websites and wanted to give them all their own SSH/FTP access and locking to their own directory would be a peace of mind thing.

  6. #6
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Quote: Originally posted by maack
    1. CentOS x64 ver 6 latest
    2. I'm not worried about sftp, more just want to have SSH users locked to the directory. It's not required, but I host about 15~20 websites and wanted to give them all their own SSH/FTP access and locking to their own directory would be a peace of mind thing.
    I think this might be a job for VPS (Virtual Private Server). You can do that w/RedHat's OpenVZ on CentOS. Here is a pretty good guide:

    How To Setup OpenVZ under RHEL / CentOS Linux

    As I said before, an alternative method would be to simply build your own chrooted SSH environment. It might be more straightforward, and doesn't require a special kernel, but it is mostly a manual process. Here's a guide on how to do that:

    How to build a chroot jail environment for CentOS :: Things n' Stuff

    I have never done either btw, so I can't speak from experience, but I'm actually about to attempt the VPS route at work, so I'd be interested in hearing how you get along (and helping out, if you need a hand), if that is what you decide.
