-   Debian (
-   -   openssh sftp chrooting all users (

davidstvz 05-28-2009 10:35 AM

openssh sftp chrooting all users
Is there anyway to chroot all users to their home directories by default (for sftp sessions)?

That would be a good start. It might also be convenient for me to be able to exempt a few select users.

All the info I can see is for chrooting a specific user or group to a specific directory (rather than all users to a variable directory such as the users home).

oʌǝɹ 05-30-2009 04:06 AM

Did you try:

Match User *
ChrootDirectory /home

And maybe to exempt some:

Match User '*,!bob,!jim'
ChrootDirectory /home

Not sure about "ChrootDirectory /home", try also:
"ChrootDirectory /home/%u"
"ChrootDirectory %h" <-- prefered for home not in /home

Looking at the manpage of sshd_config and ssh_config, it looks like it should work.

All times are GMT -5. The time now is 10:34 PM.