@darth-veitcher
Last active April 17, 2020 20:44
Create chrooted sftp user
#! /bin/bash
# Create chrooted sftp user
set -euo pipefail
export U=keats
# ensure group exists (addgroup exits non-zero if it already does)
getent group sftponly >/dev/null || sudo addgroup sftponly
# create user: no home directory yet (-M), no per-user group (-N), primary group sftponly;
# the shell is never executed because ForceCommand internal-sftp handles the session
sudo useradd \
-d /home/$U \
-s /usr/lib/sftp-server \
-M -N -g sftponly $U
# add group to sshd; Match blocks must come after the global settings, so append
sudo tee -a /etc/ssh/sshd_config <<EOF
Match Group sftponly
ChrootDirectory %h
X11Forwarding no
ForceCommand internal-sftp
AllowTcpForwarding no
EOF
# change subsystem
sudo sed -i 's/Subsystem sftp \/usr\/lib\/openssh\/sftp-server/Subsystem sftp internal-sftp/' /etc/ssh/sshd_config
# add new shell
echo "/usr/lib/sftp-server" | sudo tee -a /etc/shells
# create filesystem tree; /home/$U itself must stay root-owned and not group/world
# writable, otherwise sshd refuses the chroot ("bad ownership or modes for chroot directory")
sudo mkdir -p /home/$U/{Movies,TV,.ssh}
sudo chown root:root /home/$U
sudo chmod 755 /home/$U
# the glob /home/$U/* does not match .ssh, so name the directories explicitly
sudo chown -R $U:sftponly /home/$U/Movies /home/$U/TV /home/$U/.ssh
sudo chmod 700 /home/$U/.ssh
# read-only bind mounts of the media; these do not survive a reboot, add fstab entries for that
sudo mount --rbind /home/media/Movies /home/$U/Movies -o ro
sudo mount --rbind /home/media/TV /home/$U/TV -o ro
# validate the config before reloading so a typo does not lock out ssh (Debian/Ubuntu unit name)
sudo sshd -t && sudo systemctl reload ssh