How can I chroot sftp-only SSH users into their homes?
All this pain is thanks to several security issues as detailed here.
Basically the chroot directory has to be owned by root and can't have any group-write access. Lovely. So you essentially need to turn your chroot into a holding cell and within that you can have your editable content.
sudo chown root /home/bob
sudo chmod go-w /home/bob
sudo mkdir /home/bob/writeable
sudo chown bob:sftponly /home/bob/writeable
sudo chmod ug+rwX /home/bob/writeable
And bam, you can log in and write in /writeable.

Found at: http://askubuntu.com/questions/134425/how-can-i-chroot-sftp-only-ssh-users-into-their-homes
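To check the ownership rule before a user hits a failed login, here is an added example (not part of the original answer): a POSIX shell function that walks from the chroot directory up to / and reports every component that is not owned by root or is writable by group or others, the condition the sshd_config man page states for ChrootDirectory. The OWNER_UID and BASE arguments are hypothetical hooks so the constructed demo can run unprivileged in a temporary tree; real use keeps the defaults.

```shell
#!/bin/sh
# Added example: audit a chroot path against the rule described above.
# Usage: audit_chroot DIR [OWNER_UID] [BASE]
#   DIR must be an absolute path. OWNER_UID (default 0) and BASE (default /)
#   are hypothetical test hooks, not sshd options.
audit_chroot() (
    dir=$1; owner=${2:-0}; base=${3:-/}; rc=0
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"; exit 2
        fi
        # ls -ldn prints: mode, link count, numeric uid, numeric gid, ...
        read -r perms _links uid _rest <<EOF
$(ls -ldn -- "$dir")
EOF
        [ "$uid" = "$owner" ] || { echo "FAIL $dir: owner uid $uid, expected $owner"; rc=1; }
        case $perms in   # 6th character of the mode string is the group write bit
            ?????w*) echo "FAIL $dir: group-writable ($perms)"; rc=1 ;;
        esac
        case $perms in   # 9th character is the world write bit
            ????????w*) echo "FAIL $dir: world-writable ($perms)"; rc=1 ;;
        esac
        [ "$dir" = "$base" ] && break
        [ "$dir" = "/" ] && break
        dir=$(dirname -- "$dir")   # move up to the parent component
    done
    [ "$rc" -eq 0 ] && echo "OK: every component is owned by uid $owner and not group/world-writable"
    exit "$rc"
)

# Constructed demo: a throwaway tree stands in for /home/bob, and the current
# uid stands in for root so the demo needs no privileges.
demo=$(mktemp -d)
mkdir -p "$demo/home/bob/writeable"
chmod 755 "$demo" "$demo/home" "$demo/home/bob"
chmod 775 "$demo/home/bob/writeable"
audit_chroot "$demo/home/bob" "$(id -u)" "$demo" || true   # passes: holding cell is locked down
chmod g+w "$demo/home/bob"
audit_chroot "$demo/home/bob" "$(id -u)" "$demo" || true   # fails: chroot dir is group-writable
rm -rf "$demo"
```

On a real host, run `audit_chroot /home/bob` with the defaults; the writeable subdirectory is deliberately not checked, because only the chroot directory and its parents fall under the rule.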