using OpenSSH/SFTP to replace an FTP server securely
keisial at gmail.com
Tue May 20 05:05:49 EST 2014
On 19/05/14 03:31, IMAP List Administration wrote:
> Hello Folks,
> if I chroot all users to the same top directory, for example "/home",
> which would solve the problem of avoiding hundreds of syslog logging sockets, I
> have found no method of having OpenSSH chdir into a user-specific subdirectory
> (I would be willing to rely on the standard UNIX security model to restrict
> users' access to their own directories).
> Have I missed something, or is what I'm trying to achieve simply not possible
> using OpenSSH?
Suppose the user home is /home/foo, then if that path exists inside your
(eg. /chrooted-users/home/foo) then the user will be landed inside that
(writable for him).
If you want something different, like chrooting them at
can use -d parameter in the ForceCommand, ie.
ForceCommand internal-sftp -d /%u
More information about the openssh-unix-dev