SFTP chroot howto

If anybody needs to lock (chroot) an SFTP user to his own folder, I did it like this (might be improved).

After having enabled ShellOverrideStatus (while I'm unsure that's actually needed):

Create chrooted group and assign it to a user.

mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config/
nano /etc/e-smith/templates-custom/etc/ssh/sshd_config/69chrootedSFTP

Add the following contents:

match Group chrooted@yourdomain.tld
   ChrootDirectory /var/lib/nethserver/home/
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no

And finally:

signal-event nethserver-openssh-save

The users in chrooted group will only be able to access their own home folder.

(Further security tests should be done: that's a quick and maybe dirty solution.)

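One check that belongs among the further security tests mentioned above, as an added example that is not part of the original post: per sshd_config(5), every component of the ChrootDirectory path must be owned by root and not writable by group or others. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a ChrootDirectory path
# against the ownership rule in sshd_config(5).
# Usage: sh thisfile /var/lib/nethserver/home/

# check_dir DIR [UID]: succeed if DIR is a directory owned by UID (default 0,
# root) and not group- or world-writable. UID is overridable so the check can
# be exercised without root; for a real audit leave it at 0.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    owner=$(stat -c '%u' "$dir") || return 1   # GNU stat: numeric owner
    mode=$(stat -c '%a' "$dir") || return 1    # GNU stat: octal mode
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $owner, expected $want_uid"
        return 1
    fi
    # 022 = group-write | other-write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group/other writable"
        return 1
    fi
    echo "ok   $dir (uid $owner, mode $mode)"
}

# check_chroot_path PATH [UID]: apply check_dir to PATH and every parent up
# to /. Reports all failures and returns non-zero if any component fails.
check_chroot_path() {
    path=$1
    want=${2:-0}
    rc=0
    case $path in
        /*) ;;
        *) echo "FAIL $path: must be an absolute path"; return 2 ;;
    esac
    while :; do
        check_dir "$path" "$want" || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```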