Old 01-02-2013, 06:52 AM   #1
Registered: Oct 2012
Posts: 96

Rep: Reputation: Disabled
ssh jail issue

Hi, I want a user who logs in via ssh to be jailed to his directory.
Newbie here. I found a lot of tutorials about jailing ssh, but all the results give me back the sftp result.
I have done a lot of configuration and it makes me more confused.

groupadd sftponly
usermod -a -G sftponly user

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

Match Group sftponly
ChrootDirectory /aaa/home/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp

A user from group sftponly will not be able to access the server via ssh/sftp.
Error: Software caused connection abort.
I have added/deleted AllowGroups and
swapped the # between internal-sftp || /usr/lib/openssh/sftp-server;
all still have the same error.

Or I have manually added
# mkdir /aaa
# cd /aaa
# mkdir {bin,dev,lib64}
# cp -p /bin/bash bin/
# cp -p /lib64/*.* lib64/
# mknod dev/null c 1 3
# mknod dev/zero c 1 5
# chmod 0666 dev/{null,zero}
# useradd -m -d /aaa/home/ch5 -s /aaa/bin/bash ch5
I can log in as ch5 via ssh, but not jailed.
If I add user ch5 to group sftponly,
it will have the same error as above.
Anyone please help, or if I have gone wrong too deep, just give me an example of this. Thanks.

Oh, I have also used
sh ch6 /bin/bash /export
Still cannot.
Please help, ty.

Last edited by slowerogue; 01-02-2013 at 06:56 AM.
Old 01-02-2013, 12:23 PM   #2
Registered: Jul 2008
Location: Chennai, India
Distribution: RHEL5, Ubuntu
Posts: 191

Rep: Reputation: 37

Please find out if this could be of any help:

Old 01-02-2013, 10:39 PM   #3
Registered: Oct 2012
Posts: 96

Original Poster
Rep: Reputation: Disabled
Hi, thanks for your reply. I have found why I was unable to connect using sftp:
setenforce 0 will let me sftp to the RHEL, properly jailed in his directory.

But how do I jail ssh?

I want to jail a user from ssh and sftp (done), not root.

Thanks a lot.
Old 01-02-2013, 11:24 PM   #4
Senior Member
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378
I suggest you look at the man page for sshd_config, in particular the ChrootDirectory option. Note that this option should be placed after a "Match" line (so you can selectively choose which users and groups to chroot). For example, I have at the very end of my sshd_config:

Match group group1,group2
   ChrootDirectory /home/chroot
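
An added example, not part of the thread or any poster's code: sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or others, so a path such as /aaa/home/ch5 can be audited before sshd is pointed at it. The function names, the script name and the optional owner-uid argument are assumptions made for illustration, and the check does not cover SELinux.

```shell
#!/bin/sh
# Added example, not from the thread. sshd_config(5) rule: every component of
# a ChrootDirectory path must be a root-owned directory that is not writable
# by group or others. Function names and the uid argument are hypothetical.

check_component() {    # $1 = directory, $2 = required owner uid
    if [ ! -d "$1" ]; then
        echo "FAIL $1: not a directory"; return 1
    fi
    # ls -ldn prints numeric ids: field 1 is the mode string, field 3 the uid
    info=$(ls -ldn "$1" | awk 'NR == 1 { print $1, $3 }')
    mode=${info% *}; uid=${info#* }; bad=0
    if [ "$uid" != "$2" ]; then
        echo "FAIL $1: owned by uid $uid, expected $2"; bad=1
    fi
    case $mode in
        d????w*|d???????w*)    # group-write or other-write bit set
            echo "FAIL $1: mode $mode is writable by group or others"; bad=1 ;;
    esac
    return "$bad"
}

check_chroot_path() {  # $1 = absolute path, $2 = owner uid (default 0 = root)
    case $1 in
        /*) ;;
        *) echo "FAIL $1: not an absolute path"; return 2 ;;
    esac
    want_uid=${2:-0}; rc=0; cur=; rest=${1#/}
    check_component / "$want_uid" || rc=1
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue    # "//" or a trailing "/"
        cur=$cur/$part
        check_component "$cur" "$want_uid" || rc=1
    done
    return "$rc"
}

# Example: sh check_chroot.sh /aaa/home/ch5   (the thread's %u expanded)
if [ $# -gt 0 ]; then check_chroot_path "$@"; fi
```

A non-zero exit status means at least one component would make sshd refuse the chroot; the printed FAIL lines name the component and the reason.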
