Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : chrooted SFTP

[kselva]

Hi All,

I have implemented sftp(through ssh) and blocked pureftp in my cpanel linux vps for security resons . Now i am facing issue with sftp. The issue is that a user when logins into server through sftp,he gets permission to traverse to / directory . So the user can now able to view logs in /var/logs and also can view files in /proc direcory . So i want to chroot the user for their sftp login . I tried rssh but i got the following error :

Feb 1 21:24:59 host rssh[13889]: chroot cmd line: /usr/libexec/rssh_chroot_helper 2 "/usr/libexec/openssh/sftp-server"


Please tell how can i impliment chroot sftp or tell the way i block the access of user to / directory in sftp.

Thanks in advance....

[madaboutlinux]

Was normal shell enabled for the client OR Jailed shell? With Jailed shell a client cannot traverse out of his home directory, so enable it and see if it works in similar fashion for sftp as well.

[kselva]

Thanks for your reply...

I have given jailshell(/usr/local/cpanel/bin/jailshell) to a user , but when that user logins into server through ssh or through SFTP ,then that can traverse to / directory and view all files as in the normal shell

[kselva]

hi,

I have finally got the solution for chroot SFTP --- i have installed proftpd with sftp module .