# SSH Chroot Jail Setup Script
A robust Bash script to create a chroot jail environment for SSH/SFTP users, restricting them to a specific directory on your Linux system.
## 📖 Overview
This script automates the process of creating a secure chroot jail environment for SSH/SFTP users, limiting their access to only specified directories. This is particularly useful for:

- Web server file management
- Secure file transfers
- Restricting user access to specific application directories
- Compliance with security policies

## ✨ Features

- Creates complete chroot jail environment
- Sets up necessary device files and libraries
- Configures SSHd for chroot access
- Supports both SSH and SFTP access modes
- Customizable jail directory location
- Optional basic command inclusion (ls, date, mkdir)

## 🛠️ Prerequisites

- Linux system (tested on Ubuntu/CentOS)
- Bash shell
- Root/sudo access
- SSH server installed

## 📦 Installation

1. Clone or download the script to your server
2. Make the script executable:

```bash
chmod +x create_chroot_user.sh
```

## Basic Usage

```bash
sudo ./create_chroot_user.sh
```

The user then connects with the following command and enters the password configured above:

```bash
sftp -v user@host
```

## 🔒 Security Notes

1. The jail directory and its subdirectories must be owned by root
2. Users should not have write access to the jail structure itself
3. Regularly update the passwd/group files in the jail if system users change
4. Consider using key-based authentication for additional security

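One way to verify notes 1 and 2 after the jail is created is the check below. It is an added example, not part of `create_chroot_user.sh`; it assumes GNU `stat`, and the function names are hypothetical. It goes slightly beyond the notes by also checking every parent of the jail directory, because sshd's `ChrootDirectory` requires all components of the path to be root-owned and not writable by group or others.

```shell
#!/bin/sh
# Added example: audit a chroot jail path against the Security Notes.
# Assumes GNU stat (Linux). Function names are hypothetical.

# Return 0 when a path component is acceptable: owned by uid 0 and
# not writable by group or others (mode bits 022 clear).
check_component() {
    owner=$1 mode=$2
    [ "$owner" -eq 0 ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# Walk from the jail directory up to /, reporting every component that
# fails the check. Returns 0 if all pass, 1 if any fail, 2 on bad input.
audit_jail() {
    path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 2
    }
    failed=0
    while :; do
        owner=$(stat -c %u "$path")
        mode=$(stat -c %a "$path")
        if ! check_component "$owner" "$mode"; then
            echo "FAIL $path (uid=$owner mode=$mode)"
            failed=1
        fi
        if [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return "$failed"
}

# Run the audit when a jail directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_jail "$1" && echo "OK: all path components are root-owned and not group/other-writable"
fi
```

A `FAIL` line names the component to fix with `chown root:root` and `chmod go-w`; sshd refuses the chrooted login until every component passes.
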
# Reference
https://www.tecmint.com/restrict-ssh-user-to-directory-using-chrooted-jail/