HPE Support document - HPE Support Center

HP-UX Secure Shell Software - How to Setup a Chroot User for sftp and ssh


The following steps create a chroot user for sftp and ssh access from a remote system. The steps must be followed in order, and the permissions (755) and ownership must be set correctly, for this to work.


Complete the following steps:

  1. Create a user in SAM or SMH:

    scootie:IkeVVIWvFWH3c:122:20:Jo Ann Coffaro,WAH,xxx-xxx-xxxx,:/home/scootie:/usr/bin/sh

  2. Run the following command:

    chmod 755 scootie

    drwxr-xr-x 2 scootie users 96 Jun 22 11:37

    (If this is set to owner root, you must change it to the user's user id and group users.)

    Edit the file /opt/ssh/etc/sshd_config as in the following example:

    # override default of no subsystems
    Subsystem sftp /opt/ssh/libexec/sftp-server
    # sftp-server umask control
    #SftpPermitChmod no
    #SftpPermitChown no
    Match User joann
    ChrootDirectory /newroot
    Match User mabch
    ChrootDirectory /newroot2
    Match User scootie
    ChrootDirectory /newroot

  3. Now, run the chroot setup:

    cd /opt/ssh/utils
    ./

    Select one of the option below

    1.Configure a chroot enviroment


    Enter your choice :

    Select chroot secure shell option

    1 sftp

    2 ssh & sftp & scp

    press return key to skip this step

    Option : 2

    Now configuring the chroot environment for ssh & sftp & scp...finished


    Chroot-ed user : scootie
    Chroot-ed user's new root directory : /newroot
    Secure Shell configuration : SSH & SFTP & SCP
    press Return key

    Restart ssh:

    /sbin/init.d/secsh stop
    HP-UX Secure Shell stopped
    /sbin/init.d/secsh start
    HP-UX Secure Shell started

    cd /newroot
    root@host# ll
    total 32
    drwxr-xr-x root bin 96 Jun 18 18:01 bin
    drwxr-xr-x 3 root bin 96 Jun 22 11:42 dev
    drwxr-xr-x 2 root bin 96 Jun 18 18:01 etc
    drwxr-xr-x 4 root sys 96 Jun 22 11:42 home
    drwxr-xr-x 2 root bin 96 Jun 18 18:01 sbin
    drwxr-xr-x 2 root root 96 Jun 18 18:01 tmp
    drwxr-xr-x 4 root bin 96 Jun 18 18:01 usr
    drwxr-xr-x 3 root bin 96 Jun 18 18:01 var

    cd home
    root@host# ll

    drwxr-xr-x 11 joann users 8192 Jun 22 10:35 joann
    drwxr-xr-x 2 scootie users 96 Jun 22 11:42 scootie

NOTE: The owner and group have to match /home/scootie in step 2.

I can now copy a file from another server to chroot user scootie:

    sftp
    Connecting to
    Password:
    sftp> ls
    sftp> put testforchroot
    Uploading home/scootie/testforchroot 100% 45 0.0KB/s 00:00

My passwd file now looks like:

    vi /etc/passwd
    scootie:IkeVVIWvFWH3c:122:20:chrooted user:/home/scootie:/bin/sh

I can now ssh to scootie:

    $ ssh
    $ pwd
    /home/scootie
    $ ls
    testforchroot
    $ cd ..
    $ ls
    joann scootie
    $ cd ..
    $ ls
    bin home opt usr dev sbin var etc tmp

As you can see, I am jailed into the /newroot directory as scootie.
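
The ownership and mode requirements from step 2 and the NOTE can be checked before restarting sshd. The script below is an added example, not part of the original HPE document or its setup script; it applies OpenSSH's documented ChrootDirectory rule (every path component a root-owned directory with no group/other write) and assumes uid 122 for scootie, as in the passwd entry above. The file name `audit.sh` and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit a chroot laid out as on this page (not HPE's script).
# Parses `ls -ldn` so it needs no stat(1); uid 0 is root.

# check_dir PATH UID: pass only if PATH is a real directory (not a symlink),
# owned by numeric UID, and not writable by group or other.
check_dir() {
    line=$(ls -ldn "$1" 2>/dev/null) || { echo "FAIL $1: missing"; return 1; }
    mode=$(echo "$line" | awk '{print $1}')
    owner=$(echo "$line" | awk '{print $3}')
    case $mode in
        d????-??-*) ;;   # 6th and 9th characters are the group/other write bits
        *) echo "FAIL $1: mode $mode (need directory, no group/other write)"
           return 1 ;;
    esac
    [ "$owner" = "$2" ] || { echo "FAIL $1: uid $owner, expected $2"; return 1; }
    echo "ok   $1 ($mode uid $owner)"
}

# audit_chroot CHROOT HOME UID: check every component of the ChrootDirectory
# path for root ownership, then the user's home inside the chroot, which must
# be owned by the user (the page sets it to 755; this check only rejects
# group/other write).
audit_chroot() {
    rc=0; p=; rest=${1#/}
    check_dir / 0 || rc=1
    while [ -n "$rest" ]; do
        p="$p/${rest%%/*}"
        check_dir "$p" 0 || rc=1
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
    check_dir "$1$2" "$3" || rc=1
    return $rc
}

# Runs only when arguments are given, e.g.:
#   sh audit.sh /newroot /home/scootie 122
[ $# -eq 0 ] || audit_chroot "$@"
```

A non-zero exit status means at least one directory would make sshd refuse the chroot or leaves the user's home with the wrong owner.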

Document title: HP-UX Secure Shell Software - How to Setup a Chroot User for sftp and ssh
Document ID: emr_na-c01799530-1