How to Configure Chroot Environments for SFTP Access on Ubuntu 16.04

Prerequisites

  1. A valid Alibaba Cloud Account. (Sign up now and get up to $1200 to test over 40 Alibaba Cloud products)
  2. An Alibaba Cloud ECS instance running Ubuntu 16.04 Operating system.
  3. A non-root user that can perform sudo tasks.

Step 1: Creating an SFTP Group

$ sudo groupadd sftpusers

Step 2: Setting Up OpenSSH

$ sudo nano /etc/ssh/sshd_config
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftpusers
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
$ sudo service ssh restart

Step 3: Configuring User Accounts

$ sudo adduser jacob
Adding user `jacob' ...
Adding new group `jacob' (1006) ...
Adding new user `jacob' (1004) with group `jacob' ...
Creating home directory `/home/jacob' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:Enter Password
Retype new UNIX password:Enter Password
passwd: password updated successfully
Changing the user information for jacob
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
$ sudo usermod -G sftpusers jacob
$ sudo chown root:root /home/jacob
$ sudo chmod 755 /home/jacob
$ sudo mkdir /home/jacob/public_html
$ sudo chown jacob:jacob /home/jacob/public_html
$ sudo mkdir /home/jacob/private_docs
$ sudo chown jacob:jacob /home/jacob/private_docs
$ sudo chmod 700 /home/jacob/private_docs

Step 4: Testing the Configuration

$ sftp jacob@198.18.0.8
The authenticity of host 198.18.0.8(198.18.0.8)' can't be established.
ECDSA key fingerprint is SHA256:2wDenY0R9/odsoiYTaSJCmTHNplmy4oWX7z2nIqUNOQ.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '198.18.0.8 ' (ECDSA) to the list of known hosts.
jacob@198.18.0.8's password:Enter password here
Connected to 35.237.46.6.
sftp> pwd
Remote working directory: /

Step 5: Confirming Shell Access Restriction

Conclusion

--

--

--

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

USING AWS IN CLI WITH SOME EXAMPLES OF EC2

9 Simple Steps to Create Your 1st Laravel-8 Project and Run with Composer.

What You Need to Know About Embedded Analytics

Yurbi Embedded Analytics

Grab your Golden Ticket!

Practical Flutter: 6 Tips for Newcomers

Five Lessons From My First 100 Days In The Workforce

The PlutosNetwork Synthetic System V2.0

Sort files in place with the Linux command line

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com

More from Medium

Elasticsearch Installation and Configuration

Produce and consume messages from a Kafka topic using docker

Cloudwatch alarms for memory and disk for AWS Ec2 using Terraform

Using Nginx Ingress Controller to Manage HTTP/1.1 and HTTP/2 Protocols