My Linux Tips&Tricks

All the linux knowledge that i’ve picked up on my way to …….


Page: SFTP-Server with chroot

Did you ever have a need for a secure ftp that locks a user to his home
directory? ( changing the home dir to root / )
I found a lot of info on chroot cage, but all i needed was a sftp cage.
This is how i did it.

OS: Debian sarge
Download the OpenSSH source with apt-get source opennssh

You will get three files (at least i did)
openssh_3.8.1p1-8.sarge.4.diff.gz —The newest debian patch
openssh_3.8.1p1-8.sarge.4.dsc —Description file
openssh_3.8.1p1.orig.tar.gz —Source file
You can patch the newest patch if you like.
I didn’t so i will not cover it here.

GUnzip the openssh_3.8.1p1.orig.tar.gz to a directory of your choice.
Install, if not already, the needed lib zlib1g-dev with
apt-get install zlib1g-dev

Download the sftp-server chroot patch into the source directory
where you GUnziped the OpenSSH sources.

cp to source directory.

Aply the patch patch sftp-server.c sftp-chroot.diff

Run ./configure

Run make sftp-server

Copy sftp-server to /usr/lib/sftp-server-chroot
cp sftp-server /usr/lib/sftp-server-chroot

Change the user that needs to use sftp in /etc/passwd

Change
ftpuser:x:1001:1001:,,,:/home/ftpuser/:/bin/bash
to
ftpuser:x:1001:1001:,,,:/home/ftpuser/./:/usr/lib/sftp-server-chroot

That’s it :)

Leave a Reply