http://wiki.christophchamp.com/index.php?action=history&feed=atom&title=SftpSftp - Revision history2026-04-30T15:24:31ZRevision history for this page on the wikiMediaWiki 1.26.2http://wiki.christophchamp.com/index.php?title=Sftp&diff=6121&oldid=prevChristoph at 11:40, 20 September 20142014-09-20T11:40:46Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 11:40, 20 September 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>'''SSH File Transfer Protocol''' (also '''Secure File Transfer Protocol''' or '''SFTP'') is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. It is an extension of the [[SSH|Secure Shell protocol]] (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>'''SSH File Transfer Protocol''' (also '''Secure File Transfer Protocol''' or '''SFTP<ins class="diffchange diffchange-inline">'</ins>'') is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. It is an extension of the [[SSH|Secure Shell protocol]] (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==SFTP chroot jail==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==SFTP chroot jail==</div></td></tr>
</table>Christophhttp://wiki.christophchamp.com/index.php?title=Sftp&diff=6120&oldid=prevChristoph at 11:40, 20 September 20142014-09-20T11:40:04Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 11:40, 20 September 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>'''SSH File Transfer Protocol''' (also '''Secure File Transfer Protocol'' or '''SFTP'') is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. It is an extension of the [[SSH|Secure Shell protocol]] (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>'''SSH File Transfer Protocol''' (also '''Secure File Transfer Protocol<ins class="diffchange diffchange-inline">'</ins>'' or '''SFTP'') is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. It is an extension of the [[SSH|Secure Shell protocol]] (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==SFTP chroot jail==</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>==SFTP chroot jail==</div></td></tr>
</table>Christophhttp://wiki.christophchamp.com/index.php?title=Sftp&diff=6119&oldid=prevChristoph: New page: '''SSH File Transfer Protocol''' (also '''Secure File Transfer Protocol'' or '''SFTP'') is a network protocol that provides file access, file transfer, and file management functionalities ...2014-09-20T11:39:48Z<p>New page: '''SSH File Transfer Protocol''' (also '''Secure File Transfer Protocol'' or '''SFTP'') is a network protocol that provides file access, file transfer, and file management functionalities ...</p>
<p><b>New page</b></p><div>'''SSH File Transfer Protocol''' (also '''Secure File Transfer Protocol'' or '''SFTP'') is a network protocol that provides file access, file transfer, and file management functionalities over any reliable data stream. It is an extension of the [[SSH|Secure Shell protocol]] (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols.<br />
<br />
==SFTP chroot jail==<br />
<br />
A "<code>chroot</code>" in [[Linux]] is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree. The term "chroot" may refer to the <code>chroot(2)</code> system call or the <code>chroot(8)</code> wrapper program. The following is how one would setup a modified environment (a "chroot jail") for a given directory that only allows a given user to access a specified directory (and only that directory, no other on the system).<br />
<br />
''NOTE: In the following example, there will be a user "<code>bob</code>" who only has access to upload/download files from the <code>/var/www/jail/bob</code> directory.''<br />
<br />
* Step#1: Add the following to the bottom of your <code>/etc/ssh/sshd_config</code> file<br />
<br />
Match user bob<br />
ChrootDirectory /var/www/jail/%u<br />
<br />
Then,<br />
$ sudo service ssh restart<br />
<br />
* Step #2: Run the following commands (as root/sudo):<br />
<br />
$ mkdir -p /var/www/jail/bob<br />
$ addgroup --system sftp-users<br />
$ useradd -m -s /bin/nologin -c "bob" -G sftp-users bob<br />
$ passwd bob # set password for user "bob"<br />
$ chown root:root /home/<br />
$ chown root:root /home/bob/<br />
$ chmod 755 /home/bob<br />
$ mkdir -p /home/bob/data<br />
$ chown -Rv bob:sftp-users data<br />
$ chown -Rv bob:sftp-users /var/www/jail/bob/<br />
$ mount --bind /var/www/jail/bob/ /home/bob/data/<br />
$ cat /etc/mtab # check that the following line exists<br />
/var/www/jail/bob /home/bob/data none rw,bind 0 0<br />
$ cp /etc/fstab{,.bak} # backup your old fstab<br />
$ tail -1 /etc/mtab >>/etc/fstab<br />
$ echo "Testing bob's SFTP chroot jail" >/home/bob/data/README<br />
$ chown root /var/www/jail/bob<br />
<br />
* Step #3: Testing your setup (where "<code>x.x.x.x</code>" is the IP address of the remote server):<br />
<br />
$ sftp bob@x.x.x.x<br />
sftp> ls<br />
README<br />
<br />
If all goes as planned, user "bob" should be able to read/download the "<code>README</code>" file and upload files to that <code>/var/www/jail/bob/</code> directory (and that directory only).<br />
<br />
==See also==<br />
*[[SSH]]<br />
<br />
[[Category:Linux Command Line Tools]]</div>Christoph