How to configure chroot SFTP in Linux

Pradeep Kumar


13 Responses

  1. boris b says:

    I like SFTP much better than regular FTP. Main reason: you can exchange keys for users that use SFTP, so there are no passwords. This improves security on your server!!!

  2. Gopal Kalita says:

    I have followed the exact steps given in the tutorial, but I am getting an error when uploading a file. I am able to download any files.
    sftp> put sftp_file
    Uploading sftp_file to /upload/sftp_file
    remote open("/upload/sftp_file"): Permission denied
    sftp>

    Does SELinux need to be configured anyway?

    • Pradeep Kumar says:

      Hi Gopal,

      If SELinux is enabled on your Linux box, then for chroot SFTP you need to write the SELinux rule "setsebool -P ssh_chroot_rw_homedirs on".

      I hope this might help you.

  3. hpcolo says:

    Following the same exact instructions in Ubuntu 14.04, I got an error after entering the password when invoking ssh wstest@localhost: Write failed broken pipe

    • Pradeep Kumar says:

      Hi,

      These steps are tested on CentOS 6.X and RHEL 6.X; I am not sure whether these steps will work on Ubuntu Linux.

    • Mark Wilson says:

      I usually see this error when I don’t have ‘root’ set as the owner & group and 755 for permissions of the user’s directory (‘Jack’ in the author’s example).

  4. fred gannett says:

    This line needs some improvement

    [root@localhost jack]# chown jack. /home/jack upload/

    1) All the commands above have absolute directory paths. This command makes the assumption that it’s in the directory /home.
    2) There is a . DOT after jack? Either a typo or it means the current directory. See 1.
    3) Why upload/? Is this just upload or /home/jack/upload?

    [root@localhost jack]# cd /home/jack ; chown jack $PWD /home/jack/upload

    • Pradeep Kumar says:

      Hi Fred,

      I have used the . DOT after jack in the chown command because I want to make this user both file owner and group owner of the upload folder. I have chosen the upload folder because I want the jack user to upload its files and directories to the upload directory only.

  5. Benjamin Weiss says:

    I’ve gone through this step by step, but when I try to log in using WinSCP, I get “Error listing directory ‘/upload’ Permission denied.
    Error code: 3
    Error message from server: Permission denied
    Request code: 11

    I can go into the folder, but I can’t list anything, and when I try to upload a file I get Permission denied.
    Error code: 3
    Error message from server: Permission denied
    Request code: 3

  6. Benjamin Weiss says:

    Okay, when I put SELinux in Permissive mode, it works. I’m running CentOS 6, and I tried your setsebool -P ssh_chroot_rw_homedirs on but it didn’t work.

    Sorry for the multiple posts

  7. Timal Mangra says:

    These instructions WILL NOT work for Ubuntu Linux and you will effectively lock yourself (admin/root) out if working remotely.

  8. andrey says:

    This solves the problem with permission denied on enabled SELinux:
    setsebool -P ssh_chroot_full_access on
