How might I create an SFTP login for an untrusted user in which he can only access the files in his own home directory and not run any commands?
The online tutorial OpenSSH SFTP chroot() with ChrootDirectory is almost exactly what I need, except I'd like for the user to see his home directory as /home/user, rather than simply /.
Any help would be much appreciated.
scponly is a hack. The built-in sftp-server with chroot was meant to address this need properly.
Ben, why do you want them to see their home as /home/user? Doesn't that kind of defeat the purpose of a chroot? Is it just pwd output that you're looking for to reflect their location? Or is it so they can use full paths in a script? I think you could symlink /home/user/home/user to /home/user for those purposes.
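For the built-in sftp-server chroot discussed above: sshd refuses a ChrootDirectory unless every component of its path is owned by root and not writable by group or others, so a jail that holds home/user inside it has to pass that check first. The following audit is an added example, not code from the thread; `check_chroot_path`, the user name ben and the path /srv/sftp/ben are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat (Linux).
# check_chroot_path is a hypothetical helper name.
# Usage: check_chroot_path DIR [OWNER_UID] [TOP]
#   DIR        directory to be named in ChrootDirectory
#   OWNER_UID  uid every component must belong to (default 0, as sshd requires)
#   TOP        ancestor at which to stop walking (default /)
# Returns 0 if all components pass, 1 on a violation, 2 on a usage error.
check_chroot_path() {
    path=$1; want_uid=${2:-0}; top=${3:-/}
    [ -d "$path" ] || { echo "not a directory: $path" >&2; return 2; }
    # Resolve symlinks so the real directories are the ones audited.
    path=$(cd "$path" && pwd -P) || return 2
    top=$(cd "$top" && pwd -P) || return 2
    rc=0
    while :; do
        uid=$(stat -c %u "$path") || return 2
        mode=$(stat -c %a "$path") || return 2
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $path: owner uid $uid, expected $want_uid"
            rc=1
        fi
        # 022 = write bits for group and others
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $path: mode $mode is group/other-writable"
            rc=1
        fi
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname "$path")
    done
    return $rc
}

# Example layout (constructed): sshd_config has "ChrootDirectory /srv/sftp/ben"
# and the writable directory is /srv/sftp/ben/home/ben, owned by ben, which
# the chrooted session sees as /home/ben. Only the jail root and its
# ancestors are audited; the user's own directory inside may be writable.
if [ "$#" -gt 0 ]; then
    check_chroot_path "$@"
fi
```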
Take a look at SCPonly; it may be just what you are looking for.
You can use MySecureShell which is doing what you want. You can chroot your users in an environment in a very easy way.
The configuration is also easy for doing what you want (only 4 lines):
Home $HOME
VirtualChroot yes
Then add /bin/MySecureShell on the required users and it's done :-)
Good luck :-)