SFTP Jails

#sftp #sysadmin

Jailing sftp users in Linux

Make jail directory:

$ sudo mkdir -p /var/run/jails
$ sudo chown root:root /var/run/jails

Add a group for SFTP-only users and add the user to it:

$ sudo groupadd sftponly
$ sudo gpasswd -a andrew sftponly

Add the following to your /etc/ssh/sshd_config file and restart ssh:

Match Group sftponly
  AllowTcpForwarding no
  AuthorizedKeysFile /var/run/jails/%u/.authorized_keys
  ChrootDirectory /var/run/jails
  ForceCommand internal-sftp
  PermitTunnel no
  X11Forwarding no

Create directory for the user:

$ sudo mkdir -p /var/run/jails/andrew
$ sudo chown andrew:sftponly /var/run/jails/andrew

Add the user's public key to /var/run/jails/%u/.authorized_keys (with %u replaced by the username, e.g. /var/run/jails/andrew/.authorized_keys) and you’re all set.
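
Per sshd_config(5), every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others, which is why /var/run/jails is chowned to root while the per-user directory inside it can belong to the user. The check below is an added example, not part of the original page; the function names and the optional OWNER_UID and STOP arguments are assumptions made for illustration and testing.

```shell
#!/bin/sh
# Added example: verify the ownership/mode rule sshd applies to ChrootDirectory.
# Function names and the OWNER_UID/STOP arguments are illustrative assumptions.

# mode_is_safe MODE: true if the octal mode has no group/other write bit.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# dir_is_safe DIR [OWNER_UID]: DIR must be a directory owned by OWNER_UID
# (default 0, i.e. root) and not writable by group or others.
dir_is_safe() {
    [ -d "$1" ] || return 2
    _owner=$(stat -L -c '%u' "$1") || return 2
    _mode=$(stat -L -c '%a' "$1") || return 2
    [ "$_owner" = "${2:-0}" ] && mode_is_safe "$_mode"
}

# check_chroot DIR [OWNER_UID] [STOP]: apply dir_is_safe to DIR and to each
# parent directory up to STOP (default /). DIR must be an absolute path.
check_chroot() {
    case $1 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    _p=$1
    while :; do
        if ! dir_is_safe "$_p" "${2:-0}"; then
            echo "unsafe chroot path component: $_p" >&2
            return 1
        fi
        if [ "$_p" = "${3:-/}" ] || [ "$_p" = / ]; then
            return 0
        fi
        _p=$(dirname "$_p")
    done
}

# When run with arguments, check the given path, e.g. /var/run/jails
if [ "$#" -gt 0 ]; then
    check_chroot "$@"
fi
```

Run it with /var/run/jails as the argument before restarting ssh; a non-zero exit names the first path component that fails the rule. On distributions where /var/run is a tmpfs, the directories are gone after a reboot, so rerun it then.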