SSH Chroot Jail Setup Script
A robust Bash script to create a chroot jail environment for SSH/SFTP users, restricting them to a specific directory on your Linux system.
📖 Overview
This script automates the process of creating a secure chroot jail environment for SSH/SFTP users, limiting their access to only specified directories. This is particularly useful for:
- Web server file management
- Secure file transfers
- Restricting user access to specific application directories
- Compliance with security policies
✨ Features
- Creates complete chroot jail environment
- Sets up necessary device files and libraries
- Configures SSHd for chroot access
- Supports both SSH and SFTP access modes
- Customizable jail directory location
- Optional basic command inclusion (ls, date, mkdir)
🛠️ Prerequisites
- Linux system (tested on Ubuntu/CentOS)
- Bash shell
- Root/sudo access
- SSH server installed
📦 Installation
- Clone or download the script to your server
- Make the script executable:
chmod +x create_chroot_user.sh
Basic Usage
sudo ./create_chroot_user.sh
The user then connects with the command below and enters the password configured above:
sftp -v user@host
🔒 Security Notes
- The jail directory and its subdirectories must be owned by root
- Users should not have write access to the jail structure itself
- Regularly update the passwd/group files in the jail if system users change
- Consider using key-based authentication for additional security
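OpenSSH enforces the first two notes itself: ChrootDirectory requires every component of the jail path to be a root-owned directory that is not writable by group or others. The audit below is an added example, not part of create_chroot_user.sh; the function names, the placeholder jail path and the optional uid argument (which lets the check run without root) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit a chroot jail path before pointing sshd at it.
# Usage (run as root): ./audit_jail.sh /path/to/jail   <- placeholder path

# check_component DIR [UID]
# Succeeds only if DIR is a directory owned by UID (default 0, root) and
# not writable by group or others. The UID argument is an assumption of this
# example so the check can be exercised without root.
check_component() {
    local dir want_uid info uid mode
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    # -L follows symlinks, so the target's owner and mode are what gets judged.
    info=$(stat -L -c '%u %a' -- "$dir") || return 1
    uid=${info% *}
    mode=${info#* }
    [ "$uid" -eq "$want_uid" ] ||
        { echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1; }
    # Leading 0 makes the shell read the mode as octal; 022 = group/other write.
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "FAIL $dir: mode $mode is writable by group or others"; return 1; }
    echo "ok   $dir (uid $uid, mode $mode)"
}

# audit_jail JAIL [UID]
# Checks JAIL and every parent directory up to /, reporting every failure
# instead of stopping at the first one.
audit_jail() {
    local jail owner path rc
    owner=${2:-0}
    rc=0
    jail=$(realpath -e -- "$1") || { echo "FAIL $1: does not exist"; return 1; }
    path=$jail
    while :; do
        check_component "$path" "$owner" || rc=1
        [ "$path" = / ] && break
        path=$(dirname -- "$path")
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    audit_jail "$@"
fi
```

A non-zero exit means at least one component would make sshd refuse the chrooted session; fix the listed directories with chown root and chmod go-w, then rerun.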
Reference
https://www.tecmint.com/restrict-ssh-user-to-directory-using-chrooted-jail/