FreeBSD: chroot SFTP users

configure policy for group

/etc/ssh/sshd_config

Match Group sftp-users
    ChrootDirectory /home/%u
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

configure policy for single user

/etc/ssh/sshd_config

Match User sftp-test
    ChrootDirectory %h
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

N.B.
chown the user home root:wheel (mandatory!)

chown root:wheel /home/sftp-test
mkdir /home/sftp-test/writable
chmod 755 /home/sftp-test/writable 
chown sftp-test:sftp-users /home/sftp-test/writable
pw usermod sftp-test -d /writable

—
return to gimbo wiki home page