Can I confine my users to their /home/%u directory using only OpenSSH configuration? From instructions I found on the Internet, I stopped the SSH server and appended the following to the sshd_config file:
Match group sftpusers
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
I then started the SSH server again.
FYI, I have the users added to the sftpusers group.
My users can still browse, i.e. cd /, and are able to use the cat command to list file content (cat /usr/bin/test.sh) in the entire file structure on my system.
I'm running Ubuntu Server 12.04 LTS.
Best Answer
First of all, I would suggest using ChrootDirectory %h instead of /home/%u, as %h expands to the user's home, even if it's not /home/$USER.
Now to your actual problem: you need to force internal-sftp as the command to be run. The following config works just fine for me, and should also for you:
The user's home should be root-owned and have 755 permissions as mentioned above:
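An added example, not part of the answer above and not the answerer's config: a Python check that reports sshd_config blocks which set ChrootDirectory without forcing internal-sftp, plus a walk of a chroot path for the ownership and mode sshd requires of every component. The function names, the sftponly block and the sample text are constructed for illustration.

```python
import os
import stat

# Constructed sample: the Match block from the question, then a
# hypothetical block for a second group that forces internal-sftp.
SAMPLE = """\
Match group sftpusers
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
"""

def chroot_without_forced_sftp(config_text):
    """Return the Match lines (or "(global)") where ChrootDirectory is in
    effect but the effective ForceCommand is not internal-sftp."""
    blocks = [{"name": "(global)"}]
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        value = parts[1].strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            blocks.append({"name": line})
        elif keyword in ("chrootdirectory", "forcecommand"):
            blocks[-1].setdefault(keyword, value)  # first value in a block wins
    top = blocks[0]
    def effective(block, key, fallback):
        # A Match block overrides the global setting, otherwise inherits it.
        return block.get(key, top.get(key, fallback))
    return [b["name"] for b in blocks
            if effective(b, "chrootdirectory", "none").lower() != "none"
            and effective(b, "forcecommand", "").split()[:1] != ["internal-sftp"]]

def unsafe_chroot_components(path):
    """Return each component of path that is not a root-owned directory
    or is writable by group or others."""
    bad, path = [], os.path.realpath(path)
    while True:
        st = os.stat(path)
        if st.st_uid != 0 or not stat.S_ISDIR(st.st_mode) or st.st_mode & 0o022:
            bad.append(path)
        if path == os.path.dirname(path):  # reached the filesystem root
            return bad
        path = os.path.dirname(path)
```

Run against SAMPLE, the first function flags only the question's sftpusers block. The tokens %h and %u must be expanded to a real directory before it is passed to the second function.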