Toggle source

How to set up chroot SFTP on CentOS/RHEL 6 - Method 1

Create user

useradd daniel

passwd daniel

Create the required directories for chroot jail

mkdir /home/daniel/data

chown daniel.daniel /home/daniel/data

chmod 775 /home/daniel/data

mkdir -p /var/sftp-chroot/daniel/data

chown daniel.daniel /var/sftp-chroot/daniel/data

chmod 755 /var/sftp-chroot/daniel

mkdir /var/sftp-chroot/daniel/dev

Mount chroot directory

vi /etc/fstab

/home/daniel/data           /var/sftp-chroot/daniel/data none bind

mount /home/daniel/data

SSH configuration

vi /etc/ssh/sshd_config

Subsystem   sftp    internal-sftp -f LOCAL3 -l INFO

        Match User daniel
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -f LOCAL3 -l INFO
        ChrootDirectory /var/sftp-chroot/%u

/etc/init.d/sshd restart

Configure rsyslog

vi /etc/rsyslog.conf

# SFTP logging
local3.info                                             /var/log/sftp.log

vi /etc/rsyslog.d/sftp.conf

$ModLoad imuxsock
$AddUnixListenSocket /var/sftp-chroot/daniel/dev/log

/etc/init.d/rsyslog restart

# How to set up chroot SFTP on CentOS/RHEL 6 - Method 1

### Create user
 
`useradd daniel`

`passwd daniel`

### Create the required directories for chroot jail
 
`mkdir /home/daniel/data`

`chown daniel.daniel /home/daniel/data`

`chmod 775 /home/daniel/data`

`mkdir -p /var/sftp-chroot/daniel/data`

`chown daniel.daniel /var/sftp-chroot/daniel/data`

`chmod 755 /var/sftp-chroot/daniel`

`mkdir /var/sftp-chroot/daniel/dev`

### Mount chroot directory ###
 
`vi /etc/fstab`

``` 
/home/daniel/data	        /var/sftp-chroot/daniel/data none bind
```

`mount /home/daniel/data`

### SSH configuration

`vi /etc/ssh/sshd_config`

```
Subsystem 	sftp 	internal-sftp -f LOCAL3 -l INFO
 
        Match User daniel
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp -f LOCAL3 -l INFO
        ChrootDirectory /var/sftp-chroot/%u
```

`/etc/init.d/sshd restart`
 
### Configure rsyslog
 
`vi /etc/rsyslog.conf`

```
# SFTP logging
local3.info                                             /var/log/sftp.log
```

`vi /etc/rsyslog.d/sftp.conf`

```
$ModLoad imuxsock
$AddUnixListenSocket /var/sftp-chroot/daniel/dev/log
```

`/etc/init.d/rsyslog restart`