{"id":568,"date":"2018-06-01T13:32:00","date_gmt":"2018-06-01T18:32:00","guid":{"rendered":"https:\/\/marcblase.com\/blog\/?p=568"},"modified":"2018-06-01T13:41:55","modified_gmt":"2018-06-01T18:41:55","slug":"sftp-only-share-with-chroot-using-mount-bind-to-share-directory","status":"publish","type":"post","link":"https:\/\/ma.rcbla.se\/blog\/2018\/06\/sftp-only-share-with-chroot-using-mount-bind-to-share-directory\/","title":{"rendered":"Jailed SFTP-only share with chroot using mount --bind to share directory"},"content":{"rendered":"<p>1) Set up the SSH jail in \/etc\/ssh\/sshd_config<br \/>\n<code>Match User JAILED_USER_NAME<br \/>\n &nbsp; ForceCommand internal-sftp<br \/>\n &nbsp; ChrootDirectory \/jailed\/directory<br \/>\n &nbsp; AllowTcpForwarding no<br \/>\n &nbsp; X11Forwarding no<\/code><\/p>\n<p>2) Restart SSHD<br \/>\n<code>systemctl restart sshd<\/code><\/p>\n<p>3) Test<\/p>\n<p>4) Set up the directory share from somewhere else in the filesystem using:<br \/>\n<code>mount --bind \/jailed\/directory \/somewhere\/else<\/code><\/p>\n<p>Remember that the path to the jailed directory must be owned by <code>root<\/code>, and the share directory must be in a group that is writable by the jailed user. 
The bind mount will also only persist until the next reboot; if you need something more permanent, look into using fstab.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1) Set up the SSH jail in \/etc\/ssh\/sshd_config Match User JAILED_USER_NAME &nbsp; ForceCommand internal-sftp &nbsp; ChrootDirectory \/jailed\/directory &nbsp; AllowTcpForwarding no &nbsp; X11Forwarding no 2) Restart SSHD systemctl restart sshd 3) Test 4) Set up the directory share from somewhere else in the filesystem using: mount --bind \/jailed\/directory \/somewhere\/else Remember that the path to the jailed directory must be owned by root and [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[65],"tags":[],"class_list":["post-568","post","type-post","status-publish","format-standard","hentry","category-sysadmin"],"_links":{"self":[{"href":"https:\/\/ma.rcbla.se\/blog\/wp-json\/wp\/v2\/posts\/568","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ma.rcbla.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ma.rcbla.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ma.rcbla.se\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ma.rcbla.se\/blog\/wp-json\/wp\/v2\/comments?post=568"}],"version-history":[{"count":5,"href":"https:\/\/ma.rcbla.se\/blog\/wp-json\/wp\/v2\/posts\/568\/revisions"}],"predecessor-version":[{"id":573,"href":"https:\/\/ma.rcbla.se\/blog\/wp-json\/wp\/v2\/posts\/568\/revisions\/573"}],"wp:attachment":[{"href":"https:\/\/ma.rcbla.se\/blog\/wp-json\/wp\/v2\/media?parent=568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ma.rcbla.se\/blog\/wp-json\/wp\/v2\/categories?post=568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ma.rcbla.se\/blog\/wp-json\/wp\/v2\/tags?post=568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}