Restrict SSH User Access to Certain Directory Using Chrooted Jail

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

35 Responses

  1. Riccardo says:

    To make SSH work, you should add urandom under dev, all libnss and nsswitch.conf:

    # mknod -m 0644 urandom c 1 9
    # cp -v /dev/libnss* /home/.../dev
    # cp -v /etc/nsswitch.conf /home/../etc
  2. Engel says:

    Hi there,

    I followed all the steps in this article and it works just fine, but I have a problem: I need the jailed user to run certain commands as a sudoer. To achieve that I edited /etc/sudoers, but when I execute sudo in the jailed session I get this error:

    sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
  3. argmuy says:

    Excellent post! Please, how can I use the SSH client from the jailed user to connect to another server?

    I want to set up only one server with an open SSH port and a jailed user, and from there connect to other servers on my LAN.

  4. zodiac says:

    The above commands should be accessible to the user when they SSH to the server. That is my requirement. But it isn’t working in this process. Could you help to achieve that?

  5. Infrarchitect says:

    I have some issues making SFTP work at the same time.

    The answer is to have the following line in sshd_config:

    Subsystem sftp internal-sftp
  6. Alex says:

    AWESOME write-up. Combining this with AD is a huge step in maintaining good security controls that mitigate many risks inherent in FOSS. I’ve been doing this stuff for many years and always appreciate concise and accurate write-ups like these. For file servers things like getfacl, setfacl and id [email protected] come to mind…
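
The files Riccardo lists and the ownership condition in Engel's sudo error can be checked against a jail directory before a user logs in. The script below is an added example, not part of the article or of any comment; the function name `check_jail` and the report wording are made up here, and it assumes GNU `stat` on Linux.

```shell
#!/bin/sh
# Added example (not from the article): report which of the files named in the
# comments above are absent or wrong in a chroot jail. Requires GNU stat.

check_jail() {
    jail=$1
    rc=0

    # Riccardo's first command: dev/urandom as character device major 1, minor 9.
    # stat prints major:minor in hex; -L follows a symlink if one is used.
    if [ ! -c "$jail/dev/urandom" ]; then
        echo "MISSING dev/urandom"; rc=1
    elif [ "$(stat -L -c '%t:%T' "$jail/dev/urandom")" != "1:9" ]; then
        echo "WRONG dev/urandom (expected char device 1,9)"; rc=1
    fi

    # NSS configuration used to resolve user and group names inside the jail.
    if [ ! -f "$jail/etc/nsswitch.conf" ]; then
        echo "MISSING etc/nsswitch.conf"; rc=1
    fi

    # At least one libnss* library somewhere under the jail (the location
    # differs per distribution, so search rather than assume a path).
    if [ -z "$(find "$jail" -name 'libnss*' 2>/dev/null | head -n 1)" ]; then
        echo "MISSING libnss*"; rc=1
    fi

    # Engel's error: sudo refuses to run unless owned by uid 0 with setuid set.
    sudo_bin="$jail/usr/bin/sudo"
    if [ -e "$sudo_bin" ]; then
        if [ ! -u "$sudo_bin" ] || [ "$(stat -c '%u' "$sudo_bin")" != "0" ]; then
            echo "BAD usr/bin/sudo (needs owner uid 0 and setuid bit)"; rc=1
        fi
    fi

    return "$rc"
}

# Usage: sh check_jail.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    check_jail "$1"
fi
```

The function returns 0 only when every check passes, so it can gate a provisioning step.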
