Tutorial Chroot Jail SFTP Only on centos

Tutorial Chroot Jail SFTP Only on centos, when you need This? with Chroot Jail will majorly increase security for a multi-user server. this is make your server save and secure for multi-user. lets see how usefull chroot jail SFTP only on centos for multi user from your server.

Lock users to their home directory
This blocks their eyes from the rest of your system and from files like: system binaries, other users’ files, backups, configuration files

Disable regular ssh access
Many users just having a web site won’t need an actual command interface. Its just one more thing to be hacked.

This tutorial jail chroot centos uses the /opt directory to install the necessary dependences. If you wish to install them anywhere else or do not have an opt directory on your server you may do so, but make sure to change all the paths in the code below. All commands must be run as root. OpenSSH ver5 is much cleaner and uses less hacks then ver4. If you need to jail users, make sure to update to version 5

there is any 10 Step to setup, configuration and install chroot jail for sftp.
1. we need GNU Compiler Collection (GCC) lets install first.

2. Install zlib

3. Now we install openssl into the opt directory as well

4. we will download openssh

5. now we need install openssh
we will install openssh. To find where your xauth file is located you may need to run the “which xauth” command

6. automatically run the new ssh shell, we will use init.

restart your ssh

or

then

and you will get output :

7. Next you need to edit ‘/opt/openssh/etc/sshd_config’ to enable the jail.
Replace any lines starting with ‘subsystem’ with this line:

Also add (at the bottom of the file) the following lines

8. We will need to create the ‘sftponly’ group so we can add our untrustworthly users to it. Also, we set up the environment to allow jailing.

now when you create users that need to be jailed, make sure they belong to the ‘sftponly’ group. lets create new user and For the user “mycentos” with the password “mytest”,

To set up the jail run

9. Try to log in as mycentos through putty (or any ssh terminal). You should get some sort of error involving an abort or denied access.
Then try to log in as mark through winscp (or similar SFTP software).
10.now we have done, great you now have a jailed user on centos.

you can check from adamsworld

Leave a Reply

Your email address will not be published. Required fields are marked *