chrooted SFTP (show only user files)

I just started using ssh/rssh, so I have a quick and maybe obvious

I want to create an SFTP-only rssh configuration.
I want users that log in using SFTP to see their home
directory and nothing else.

Please advise the correct directory structure and
rssh configuration for what I am trying to accomplish.

I have the impression that if I set up a chroot path /home/chroot
and copy inside all the needed files (/etc, /lib, etc.), users will also
see these folders and files when they log in using SFTP.

Also, if I place user home directories in this folder,
how do I make it so they don't see the home directories of other users?

I am using Fedora Core 4, and it would be great if this configuration
would work with Plesk 8 (I have an option in Plesk to choose the
shell for each user).

Also, is scponlyc better for this task, and what would be the difference
between scponlyc and rssh security-wise?

Re: chrooted SFTP (show only user files)

Robert wrote: [quoted text omitted]

Don't bother, if I may suggest. Since you can get similar functionality with
WebDAV over SSH, which has built-in client access via the Windows Network
Neighborhood, via Konqueror in Linux, and via Java clients in every OS under
the sun, it's much easier to set up than compiling your own version of

If you need to do this, you need to apply source patches: I've updated and
published old ones in the past, since SSH 1, and they've never been well
supported or integrated into OpenSSH: the authors have apparently kept their
foci on other features. If you need to do it, go to and take a look at what's already

Working from there, you'll need to build the actual chroot cages and decide
on their layout. Let us know if you need help with that.

Re: chrooted SFTP (show only user files)

Nico Kadel-Garcia wrote: [quoted text omitted]

Gahhh, that's WebDAV over HTTPS. That's what I get for being up at this

Re: chrooted SFTP (show only user files)


Unsure what plesk really is, might be just another click&droll
admin tool? Doubtable if will work without enhancing it, those
tools just don't have any flexibility and should be avoided


scponly is just another possibility, only you can decide if it
suits your task better, just try it out.

Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 181: Atilla the Hub

Re: chrooted SFTP (show only user files)


When you are running a hosting server I think drag & drop tools make
sense, since not every user is a pro; however, some of them need more control
over their dedicated servers and VPS accounts.

Unfortunately, I don't think that in this particular case I will be able to
use the SSH chroot patch on this server, since SSH is the only way I can connect.

I got 'rssh' and 'scponlyc' running; however, when a user connects using a
client, besides his home directory files he can also see the chroot folder

and so on.

Any idea how I could hide these files? I noticed some hosting providers
are using RSSH (but I am not sure, maybe they also patched SSH?)
and somehow when I connect using SFTP I only see my home directory files and
nothing more.

How long do we have to wait till we get an SFTP-only daemon application that
does not depend on SSH? An application that has its own user table (with no need
to create system users, and then lock them out) ...

Ironically, there are already such solutions freely available for Windows
( /).
