
HP-UX Secure Shell Software - How to Setup a Chroot User for sftp and ssh

Information

The following information provides the steps to create a chroot user for sftp and ssh access from a remote system. The steps must be performed in the order given, and the permissions and ownership of the directories involved must be set correctly (mode 755, owned by the user) for the chroot to work.

Details

Complete the following steps:

  1. Create a user in SAM or SMH. The resulting /etc/passwd entry looks like this:

    scootie:IkeVVIWvFWH3c:122:20:Jo Ann Coffaro,WAH,xxx-xxx-xxxx,:/home/scootie:/usr/bin/sh

  2. Run the following command on the user's home directory (/home/scootie):

    chmod 755 scootie

    drwxr-xr-x 2 scootie users 96 Jun 22 11:37

    (If the directory is owned by root, you must change the owner to the user's user id and the group to users.)

    Edit the file /opt/ssh/etc/sshd_config as in the following example:


    # override default of no subsystems
    Subsystem sftp /opt/ssh/libexec/sftp-server
    # sftp-server umask control
    #SftpUmask
    #SftpPermitChmod no
    #SftpPermitChown no
    Match User joann
    ChrootDirectory /newroot
    Match User mabch
    ChrootDirectory /newroot2
    Match User scootie
    ChrootDirectory /newroot

  3. Now, run the chroot setup:

    cd /opt/ssh/utils
    ./ssh_chroot_setup.sh

    Select one of the option below

    1.Configure a chroot enviroment

    2.Exit

    Enter your choice :

    Select chroot secure shell option

    1 sftp

    2 ssh & sftp & scp

    press return key to skip this step

    Option : 2

    Now configuring the chroot environment for ssh & sftp & scp...finished

    Summary

    Chroot-ed user : scootie
    Chroot-ed user's new root directory : /newroot
    Secure Shell configuration : SSH & SFTP & SCP
    press Return key

    Restart ssh:

    /sbin/init.d/secsh stop
    HP-UX Secure Shell stopped
    /sbin/init.d/secsh start
    HP-UX Secure Shell started

    root@host# cd /newroot
    root@host# ll
    total 32
    drwxr-xr-x root bin 96 Jun 18 18:01 bin
    drwxr-xr-x 3 root bin 96 Jun 22 11:42 dev
    drwxr-xr-x 2 root bin 96 Jun 18 18:01 etc
    drwxr-xr-x 4 root sys 96 Jun 22 11:42 home
    drwxr-xr-x 2 root bin 96 Jun 18 18:01 sbin
    drwxr-xr-x 2 root root 96 Jun 18 18:01 tmp
    drwxr-xr-x 4 root bin 96 Jun 18 18:01 usr
    drwxr-xr-x 3 root bin 96 Jun 18 18:01 var

    root@host# cd home
    root@host# ll
    drwxr-xr-x 11 joann users 8192 Jun 22 10:35 joann
    drwxr-xr-x 2 scootie users 96 Jun 22 11:42 scootie

NOTE: The owner and group of /newroot/home/scootie have to match those of /home/scootie set in step 2.
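The ownership and permission requirements of step 2 and the NOTE above can be audited from the HP-UX shell before trusting the setup. The script below is an added example, not part of this article or of HP's ssh_chroot_setup.sh; it assumes only a POSIX sh with ls, grep and cut, and that the chroot root is owned by root as shown in the listing.

```sh
#!/bin/sh
# check_chroot_user.sh: audit the ownership/permission preconditions the article
# relies on (step 2 and the NOTE) before sshd is restarted. Added example, not
# HP's ssh_chroot_setup.sh; it needs only POSIX sh, ls, grep and cut.
# JAIL_OWNER is root on a real system; override it only to dry-run as a non-root user.
JAIL_OWNER=${JAIL_OWNER:-root}

# dir_info PATH: print "owner group perms" for PATH as reported by ls -ld
dir_info() {
    set -- $(ls -ld "$1")
    echo "$3 $4 $1"
}

# dir_ok PATH OWNER GROUP: PATH is a directory owned by OWNER:GROUP with mode 755
dir_ok() {
    [ -d "$1" ] || { echo "FAIL: $1 is not a directory"; return 1; }
    set -- "$1" "$2" "$3" $(dir_info "$1")
    case "$6" in
        drwxr-xr-x*) [ "$4" = "$2" ] && [ "$5" = "$3" ] && return 0 ;;
    esac
    echo "FAIL: $1 is $4:$5 $6, expected $2:$3 drwxr-xr-x"
    return 1
}

# jail_root_ok PATH: the ChrootDirectory belongs to root and is not group/other writable
jail_root_ok() {
    [ -d "$1" ] || { echo "FAIL: $1 is not a directory"; return 1; }
    set -- "$1" $(dir_info "$1")
    [ "$2" = "$JAIL_OWNER" ] || { echo "FAIL: $1 owned by $2, expected $JAIL_OWNER"; return 1; }
    case "$4" in
        d????-??-?*) return 0 ;;    # characters 6 and 9 are the group and other write bits
    esac
    echo "FAIL: $1 is $4, must not be writable by group or other"
    return 1
}

# check_chroot_user USER NEWROOT [GROUP] [PASSWD_FILE]: run all checks; 0 only if all pass
check_chroot_user() {
    u=$1; root=$2; grp=${3:-users}; pw=${4:-/etc/passwd}; rc=0
    entry=$(grep "^$u:" "$pw") || { echo "FAIL: no entry for $u in $pw"; return 1; }
    home=$(echo "$entry" | cut -d: -f6)
    dir_ok "$home" "$u" "$grp" || rc=1        # step 2: chmod 755, owned by the user
    jail_root_ok "$root" || rc=1              # /newroot as created by ssh_chroot_setup.sh
    dir_ok "$root$home" "$u" "$grp" || rc=1   # NOTE: the copy inside the jail must match
    [ $rc -eq 0 ] && echo "OK: $u can be chrooted into $root"
    return $rc
}
```

Run it as `check_chroot_user scootie /newroot` after the setup script and before restarting ssh; every failing check is printed, and a non-zero exit means the jail login will not behave as shown below.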

I can now copy a file from another server to chroot user scootie:

sftp scootie@host.cup.hp.com
Connecting to bali.cup.hp.com...
Password:
sftp> ls
sftp> put testforchroot
Uploading home/scootie/testforchroot 100% 45 0.0KB/s 00:00

My passwd file now looks like:

vi /etc/passwd
scootie:IkeVVIWvFWH3c:122:20:chrooted user:/home/scootie:/bin/sh

I can now ssh to scootie:

$ ssh scootie@host.cup.hp.com
Password:
$ pwd
/home/scootie
$ ls
testforchroot
$ cd ..
$ ls
joann scootie
$ cd ..
$ ls
bin home opt usr dev sbin var etc tmp

As you can see, I am jailed into the /newroot directory as scootie.
