How to Configure a Chroot Jail for SSH Access in Linux
Chroot jail keep users locked in a specific directory which they will not be able to break out of. With this setup, you can give access to your users without having to fear especially in the shared environment. If a user only allowed to access his files without ssh shell access we can create a chroot environment for those users.
See Also:
1. How To Create SSH Keys on a Linux
2. Difference between Telnet and SSH in Linux
3. SSH Interview Questions and Answers
4. Allow/Deny logins via ssh server using PAM module
5. Block SSH Server Attacks Using DenyHosts in CentOS/RHEL 5/6/7
6. How to Enable SSH Login Email Alerts Notification
In this article, we will describe how to configure chrooted jail for any user or any group.
Step 1: Create User or Group for Chroot Jail
If you have to use an existing users or groups then no need create a new user.
# groupadd jailuser # useradd -g jailuser dennis # useradd -g jailuser steve
Step 2: Configure Chroot Jail
Now edit SSHD configuration file to setup chroot jail.
# vim /etc/ssh/sshd_config
Comment below line in SSHD configuration.
# Subsystem sftp /usr/libexec/openssh/sftp-server
For groups add below lines:
Subsystem sftp internal-sftp Match Group jailuser X11Forwarding no AllowTcpForwarding no ChrootDirectory /images ForceCommand internal-sftp
For users add below lines:
Subsystem sftp internal-sftp Match User dennis X11Forwarding no AllowTcpForwarding no ChrootDirectory /images ForceCommand internal-sftp
Step 3: Set Permission
After configuring SSHD configuration we need to setup directory permission.
For Group:
# chmod -R 755 /images # chown -R root:root /images # mkdir /images/jailroot # chmod -R 775 /images/jailroot # chown -R root:jailuser /images/jailroot
For User:
# chmod -R 755 /images # chown -R root:root /images # mkdir /images/jailroot # chmod -R 755 /images/jailroot # chown -R dennis:root /images/jailroot
Step 4: Restart SSH Service
After all the configuration restart the SSHD service.
# service sshd restart
Step 5: Verify Configuration
Now you are ready to verify the configuration.
I hope now you know how to restrict users home directories using a Chroot environment in Linux.
Enjoy it!