- Log in to the Linux server (sftp) as root and create a new user account with the following shell commands:
useradd computeman-user
passwd computeman-user
- On the client system copy the ssh keys to the server:
ssh-copy-id computeman-user@computeman-server
- On the client system verify the ssh keys so that a password-less login can be made to the server:
ssh computeman-user@computeman-server
- Verify that the sftp connection works without a password from the client system to the server:
sftp computeman-user@computeman-server
- At this stage, computeman-user can ssh and sftp from the client system without entering a password and has access to all directories. Now make the necessary changes to chroot computeman-user so that the account is caged to a specific directory.
- On the Linux server create a new group for the chrooted computeman-user with
groupadd sftpuser
- Make a directory for the chrooted computeman-user with
mkdir /files
- Make a subdirectory for computeman-user, which will be the chroot, with
mkdir /files/computeman-user
- Create a home directory for computeman-user with
mkdir /files/computeman-user/home
- Add computeman-user to the new group you added in the previous steps, which is sftpuser in our case, with
usermod -aG sftpuser computeman-user
- Modify the ownership of the home directory /files/computeman-user/home of computeman-user with
chown computeman-user:sftpuser /files/computeman-user/home
- Open /etc/ssh/sshd_config in a text editor like vi and add the following lines:
Subsystem sftp internal-sftp -d /home
Match Group sftpuser
ChrootDirectory /files/%u
- Restart sshd service with
systemctl restart sshd
- Now try to connect via ssh as computeman-user from the client system to the server. You will not be able to connect via ssh, only through sftp. Also try connecting with sftp, which will connect to the server without any issue. This solution still allows other users to connect to the server through ssh.
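
If sftp is refused after the restart, a common cause is the chroot path itself: sshd requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, which is why only /files/computeman-user/home is handed to the user above. The pre-flight check below is an added example, not part of the original procedure; the function names and the script name check-chroot.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight audit of a chroot path.
# sshd requires every component of ChrootDirectory to be a directory owned by
# root and not writable by group or others.

# expand_chroot TEMPLATE USER: substitute the %u token, as in "/files/%u".
expand_chroot() {
    printf '%s\n' "$1" | sed "s|%u|$2|g"
}

# check_component DIR [UID]: return 0 if DIR is acceptable, 1 otherwise.
# UID defaults to 0 (root); it is a parameter only so the check can be
# exercised without root privileges.
check_component() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory" >&2; return 1; }
    info=$(ls -ldnL "$dir")          # numeric ids: mode links uid gid ...
    mode=${info%% *}
    uid=$(printf '%s\n' "$info" | awk '{print $3}')
    bad=0
    [ "$uid" = "$want_uid" ] || { echo "FAIL $dir: owner uid $uid" >&2; bad=1; }
    case $mode in ?????w*) echo "FAIL $dir: group-writable" >&2; bad=1 ;; esac
    case $mode in ????????w*) echo "FAIL $dir: world-writable" >&2; bad=1 ;; esac
    return $bad
}

# check_chroot_path PATH [UID]: audit PATH and every parent up to "/".
check_chroot_path() {
    p=$1; rc=0
    case $p in /*) ;; *) echo "FAIL $p: not an absolute path" >&2; return 2 ;; esac
    while :; do
        check_component "$p" "${2:-0}" || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check-chroot.sh '/files/%u' computeman-user
if [ $# -eq 2 ]; then
    check_chroot_path "$(expand_chroot "$1" "$2")" &&
        echo "OK: chroot path is acceptable to sshd"
fi
```

Run it as root on the server before restarting sshd; any FAIL line names the directory to fix with chown root or chmod go-w.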