How to Configure Chroot Environments for SFTP Access on Ubuntu 16.04

Prerequisites

  1. A valid Alibaba Cloud Account. (Sign up now and get up to $1200 to test over 40 Alibaba Cloud products)
  2. An Alibaba Cloud ECS instance running the Ubuntu 16.04 operating system.
  3. A non-root user that can perform sudo tasks.

Step 1: Creating an SFTP Group

$ sudo groupadd sftpusers

Step 2: Setting Up OpenSSH

$ sudo nano /etc/ssh/sshd_config

In that file, comment out the existing Subsystem line and add the following:

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

Match Group sftpusers
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

$ sudo service ssh restart

Step 3: Configuring User Accounts

$ sudo adduser jacob
Adding user `jacob' ...
Adding new group `jacob' (1006) ...
Adding new user `jacob' (1004) with group `jacob' ...
Creating home directory `/home/jacob' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:Enter Password
Retype new UNIX password:Enter Password
passwd: password updated successfully
Changing the user information for jacob
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
$ sudo usermod -G sftpusers jacob
$ sudo chown root:root /home/jacob
$ sudo chmod 755 /home/jacob
$ sudo mkdir /home/jacob/public_html
$ sudo chown jacob:jacob /home/jacob/public_html
$ sudo mkdir /home/jacob/private_docs
$ sudo chown jacob:jacob /home/jacob/private_docs
$ sudo chmod 700 /home/jacob/private_docs
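
The chown root:root and chmod 755 on the home directory matter because sshd refuses a ChrootDirectory unless every directory on its path is owned by root and not writable by group or others. The script below is an added example, not part of the original article, that audits this for each member of sftpusers; it assumes GNU stat and getent as shipped on Ubuntu, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit ChrootDirectory paths.
# sshd requires every directory on the chroot path to be root-owned and
# not writable by group or others.

# dir_is_safe DIR [UID]: DIR is a directory owned by UID (default 0, root)
# with no group/other write bit. UID is a parameter only so the check can be
# exercised without root; real audits use the default.
dir_is_safe() {
    [ -d "$1" ] || return 1
    owner=$(stat -c '%u' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ "$owner" = "${2:-0}" ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]   # 022 = group-write | other-write
}

# chroot_path_is_safe ABS_PATH [UID]: check ABS_PATH and every parent up to /.
# Returns 0 if safe, 1 if a component is unsafe, 2 if the path is not absolute.
chroot_path_is_safe() {
    case $1 in /*) p=$1 ;; *) return 2 ;; esac
    while :; do
        if ! dir_is_safe "$p" "${2:-0}"; then
            echo "unsafe chroot component: $p" >&2
            return 1
        fi
        [ "$p" = "/" ] && return 0
        p=$(dirname "$p")
    done
}

# audit_sftp_group GROUP: check the home directory (%h in sshd_config) of
# each supplementary member of GROUP, as added with usermod -G.
audit_sftp_group() {
    rc=0
    for u in $(getent group "$1" | cut -d: -f4 | tr ',' ' '); do
        home=$(getent passwd "$u" | cut -d: -f6)
        if chroot_path_is_safe "$home"; then
            echo "OK   $u $home"
        else
            echo "FAIL $u $home"; rc=1
        fi
    done
    return $rc
}

# Run the audit only when asked, e.g.: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_sftp_group sftpusers; fi
```

A FAIL line for a user corresponds to the "bad ownership or modes for chroot directory" error that sshd logs when that user connects.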

Step 4: Testing the Configuration

$ sftp jacob@198.18.0.8
The authenticity of host '198.18.0.8 (198.18.0.8)' can't be established.
ECDSA key fingerprint is SHA256:2wDenY0R9/odsoiYTaSJCmTHNplmy4oWX7z2nIqUNOQ.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '198.18.0.8' (ECDSA) to the list of known hosts.
jacob@198.18.0.8's password:Enter password here
Connected to 198.18.0.8.
sftp> pwd
Remote working directory: /

Step 5: Confirming Shell Access Restriction

Conclusion

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com
