0

How can I make a new SSH user for Linux (Ubuntu) which will allow the user only to access that folder and not to go back to other folders? I have searched many tutorials/support for this, but none of them helped me, as it was working on the first login over SSH, and when I go back to another folder, disconnect the FTP and reconnect, it doesn't take me to the set file.

tomlester
  • 163

1 Answer

0

The standard way to handle this is to set up a chroot'd environment. What this does is establish a new base for the filesystem. In a chroot'd environment, the user has its own basic setup files to support the environment. When they log in, they execute the chroot and are "stuck" in that limited environment.

To do this, set up a base directory to create your restricted environment, then add directories for the environment.

mkdir -p <base>/{dev,etc,lib,usr,bin}
mkdir -p <base>/usr/bin 
chown root:root <base>

You can make <base> be whatever you want (i.e. /var/jail).

Add other necessary files and any binaries or executables the user needs to run:

cp /etc/ld.so.cache <base>/etc/
cp /etc/ld.so.conf <base>/etc/
cp /etc/nsswitch.conf <base>/etc/ 
cp /etc/hosts <base>/etc/
cp /usr/bin/ls <base>/bin/
cp /usr/bin/bash <base>/bin/

Add any required shared libraries to run any of the commands you need (run ldd <command> to get a list). cp them into the <base>/lib directory.

Last... config sshd (/etc/ssh/sshd_config) with the following:

Match group sshusers
          ChrootDirectory <base>
          X11Forwarding no
          AllowTcpForwarding no

Add users that will be chroot'd to the "sshusers" group (or make that whatever group you want, just make sure it matches how you configured it in sshd_config).

Giacomo1968
  • 58,727
tomlester
  • 163
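The "run ldd and cp the libraries" step from the answer above, as an added example that is not part of the original answer. The function names `list_libs` and `jail_add_binary` are hypothetical, and instead of flattening everything into `<base>/lib` it keeps each library at the same path it has on the host, because the dynamic loader's path is fixed inside the binary.

```shell
#!/bin/sh
# Added example (not from the answer): copy one binary plus the libraries
# that ldd resolves for it into a chroot base. Function names are hypothetical.
# ldd can run code from the file it inspects; use it on trusted binaries only.

# Print the absolute path of each shared object ldd resolves for $1.
list_libs() {
    ll_out=$(ldd "$1" 2>&1) || {
        case $ll_out in
            *"not a dynamic executable"*|*"Not a valid dynamic program"*)
                return 0 ;;                      # static binary: no libraries
        esac
        echo "ldd failed for $1: $ll_out" >&2
        return 1
    }
    case $ll_out in
        *"not found"*) echo "unresolved library for $1" >&2; return 1 ;;
    esac
    # Lines look like "libc.so.6 => /lib/.../libc.so.6 (0x...)" or
    # "/lib64/ld-linux-x86-64.so.2 (0x...)"; take the first absolute path.
    printf '%s\n' "$ll_out" |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# jail_add_binary <base> <binary>: copy the binary to <base>/bin and each
# library to the same path under <base> that it has on the host.
jail_add_binary() {
    jb_base=$1
    jb_bin=$2
    if [ ! -d "$jb_base" ] || [ ! -x "$jb_bin" ]; then
        echo "usage: jail_add_binary <existing base dir> <executable>" >&2
        return 2
    fi
    jb_libs=$(list_libs "$jb_bin") || return 1
    mkdir -p "$jb_base/bin" || return 1
    cp -L "$jb_bin" "$jb_base/bin/" || return 1
    printf '%s\n' "$jb_libs" | while IFS= read -r jb_lib; do
        [ -n "$jb_lib" ] || continue
        mkdir -p "$jb_base$(dirname "$jb_lib")" || exit 1
        cp -L "$jb_lib" "$jb_base$jb_lib" || exit 1
    done
}

# Usage (as root, after the mkdir/chown steps):
#   jail_add_binary /var/jail /usr/bin/bash
```

The function stops with an error if ldd reports a library as "not found", so a binary that would fail to start inside the chroot is caught before a user logs in.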