# the settings in /etc/ssh/sshd_config should look like this:

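# Use the in-process SFTP server; it needs no extra binaries or libraries inside the chroot.
# -f takes a single syslog facility (AUTH typically ends up in /var/log/auth.log on Ubuntu),
# -l VERBOSE logs the file operations performed on behalf of the client.
Subsystem sftp internal-sftp -f AUTH -l VERBOSE

# A Match block applies until the next Match line or the end of the file,
# so keep it below all global settings.
Match User testuser
# Every component of this path must be owned by root and not writable by group or others.
ChrootDirectory /home/testuser
# Optional variant: "-u 0002" sets the umask so that uploaded files stay group-writable.
#ForceCommand internal-sftp -u 0002
# Forces SFTP no matter what the client requests (no shell, no other remote command).
# The arguments of the Subsystem line are not used while ForceCommand is in effect,
# so the logging options are repeated here; otherwise this user's transfers are not logged.
# NOTE: logging from inside the chroot may require a /dev/log socket below ChrootDirectory (see sshd_config(5)).
ForceCommand internal-sftp -f AUTH -l VERBOSE
# Without these, an SFTP-only account could still be used for forwarding.
AllowTcpForwarding no
X11Forwarding no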

# you can also match on a group instead of a single user:
Match Group testgroup

# if you made changes to sshd_config, test the config syntax using "sshd -t" before you restart the ssh server using a command like "sudo systemctl restart sshd". Keep your current SSH session open until you have confirmed that a new login still works.

# the user, in this case testuser, should have nologin or false as the login shell in its /etc/passwd entry:
testuser:x:1010:1100::/home/testuser:/usr/sbin/nologin

# if you run into trouble, e.g. no login is possible, watch the log file using:
tail -f /var/log/auth.log

# make sure that all directories on the chroot path, in this case /home/testuser, have the right permissions and ownership. You can verify this for each directory using the commands:
ls -ld /
ls -ld /home
ls -ld /home/testuser

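# all directories should have 755 permissions with owner root, as in the example below. sshd rejects the login ("bad ownership or modes for chroot directory" in the log) if any of them is not owned by root or is writable by group or others. As a consequence testuser cannot write into /home/testuser itself; create a subdirectory owned by testuser for uploads.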
drwxr-xr-x 20 root root 4096 Jan 20 09:30 /

# the commands above were tested on Ubuntu 22.04 LTS ...
