Skip to content

標籤: sftponly

限制SFTP用戶只能到自己家目錄

Add the following to the end of the /etc/ssh/sshd_config file:

Subsystem sftp internal-sftp

# This section must be placed at the very end of sshd_config
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

This means that all users in the ‘sftponly’ group will be chroot’d to their home directory, where they only will be able to run internal SFTP processes.

Now you can create the group sftponly by running the following command: