howto chroot ssh ...

Dario Lesca d.lesca at
Thu Nov 4 09:06:16 UTC 2004

... for a single user.
I must only allow downloading/uploading files with scp or sftp-server.

Now I use this script (*) as the user's shell command, but I do not know
how to chroot the sftp-server command ....

Any suggestions?

Many thanks


[lesca at lesca ssh-chroot]$ cat
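#!/bin/bash
#Shell for allow only scp <d${DOT}lesca${AT}>
#useradd -s /usr/local/bin/ scpuser
#echo "par: $1|$2|$3|$4|$5" > /dev/pts/0 2>&1
# Defaults only echo the command; the real values come from the config file.
SCP_CMD="echo /usr/bin/scp"
SFTP_CMD="echo /usr/libexec/openssh/sftp-server"
# If the config exists, load DOWNL, UPLOAD, SFTP and any command overrides
test -f /etc/onlyscp.conf && source /etc/onlyscp.conf
# sshd runs this shell as: <shell> -c "<client command>"
case "$DOWNL:$UPLOAD:$SFTP:$@" in
yes:*:*:-c\ scp\ -f\ *)
        # Download: strip the command prefix, then neutralise "../"
        f=$(echo "$@"|sed -e 's|^-c scp -f ||')
        f=$(echo "./$f"|sed -e 's|\.\./|::/|g')
        # No eval: the client-supplied path is passed as one argument
        # and is never re-parsed by the shell
        $SCP_CMD -f "$f"
        ;;
*:yes:*:-c\ scp\ -t\ *)
        # Upload: same path handling as above
        f=$(echo "$@"|sed -e 's|^-c scp -t ||')
        f=$(echo "./$f"|sed -e 's|\.\./|::/|g')
        $SCP_CMD -t "$f"
        ;;
*:*:yes:-c\ */sftp-server)
        $SFTP_CMD
        ;;
*:*:*:-c\ ls*)
        # List the files under the current directory on stderr
        (find * -type f |xargs ls -lad) 1>&2
        ;;
*)
        # Messages: "Operation not supported", "Allowed commands: scp from
        # & to + ls", "Press a key to exit"
        echo "Operazione Non Supportata"
        echo "Comandi ammessi: scp from & to + ls"
        sleep 2
        echo -e "Premi un tasto x uscire\c"
        read -t 3 a
        exit 3
        ;;
esac

exit 0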

Dario Lesca <d.lesca at>
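
One way to validate the command string that sshd passes to a login shell as -c "..." before running scp or sftp-server, as an added example that is not part of the original post. The function name parse_request, its output format and the allowed character set are assumptions, and the sample requests are constructed.

```shell
#!/bin/sh
# Added example, not the poster's script. parse_request and its policy are
# assumptions. sshd starts the login shell as: <shell> -c "<client command>"
LC_ALL=C; export LC_ALL   # make the A-Z/a-z/0-9 ranges below byte-exact

# Print "download ./PATH", "upload ./PATH" or "sftp" and return 0 for an
# allowed request; print nothing and return 1 for everything else.
# The client string is only matched here, never executed or eval'ed.
parse_request() {
    cmd=$1
    case $cmd in
        "scp -f "*)    mode=download; path=${cmd#"scp -f "} ;;
        "scp -t "*)    mode=upload;   path=${cmd#"scp -t "} ;;
        */sftp-server) echo sftp; return 0 ;;
        *)             return 1 ;;
    esac
    case $path in
        ""|/*|-*)           return 1 ;;  # empty, absolute, or looks like an option
        *[!A-Za-z0-9._/-]*) return 1 ;;  # spaces, quotes, ; | $ and other metacharacters
    esac
    case "/$path/" in
        */../*)             return 1 ;;  # any ".." path component
    esac
    echo "$mode ./$path"
}

# Run the parser over constructed sample requests, one per line.
demo() {
    while IFS= read -r c; do
        if out=$(parse_request "$c"); then
            echo "ALLOW  $c  ->  $out"
        else
            echo "DENY   $c"
        fi
    done <<'EOF'
scp -f reports/q3.csv
scp -t incoming
/usr/libexec/openssh/sftp-server
scp -f ../../etc/passwd
scp -t /etc/cron.d/x
scp -f a;id
scp -f -S
bash -i
EOF
}
demo
```

A wrapper would call parse_request "$2" when "$1" is -c and then exec its own fixed scp or sftp-server path with the returned path as a single quoted argument.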
