Re: chrooting SFTP

From: Robin (
Date: 01/16/04

Date: Fri, 16 Jan 2004 17:51:44 +0100

"Tom" <> schreef in bericht
> Hi,
> Anyone know how to restrict SFTP users to not go above their login
directory? I can do this fine in FTP using wu-ftp but no idea in
> SFTP and can't seem to google a solution either.
> thanks
> Tom

Is sftp the same as vsftpd?
I only know how to do it in vsftpd :P
I have this in my conf file to do it:

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (default follows)

Relevant Pages

  • Re: hack attempt on my server...What do you do about this?
    ... the first option is not to run vsftpd at all. ... which you can not do using sftp to log into you box. ... You don't need a separate ftp server to run it, ...
  • internal-sftp: client unable to initialise server with chrooted user
    ... - smartcard: Enables smartcard support ... The problem is when trying to use sftp in an internal-sftp chroot, ... Fatal: unable to initialise SFTP on server: could not connect. ...
  • Re: Best SFTP (w/chroot): vsftpd vs mysecureshell vs other ??
    ... The obvious answer was to use SSH and limit those users to SFTP only. ... Locking them into a chroot was not a requirement, but it seemed like a good idea to me. ... For some reason which I cannot work out for now, the home directory must be owned by root and have the permissions 755. ...
  • Re: sftp server with speed throttling
    ... configuration work or pass sftp traffic through PF and throttle it ... Only OpenSSH alternative I use sometimes is ... would like to use SSH for the connections, as opposed to FTP, but I ... directives to chroot the groupand/or userthat are to have ...
  • Re: Want unusual config...
    ... > SFTP in using sftp-server, and have their home directory appear to be the ... > there is no reason for them to need shell access to the server. ... You may need a chroot cage. ... chroot tools built into it, you can easily manage quite a secure little set ...