Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-expand-tabs-free domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/websitedevait/public_html/wp-includes/functions.php on line 6131
How do I create an SSH user that is restricted to their home directory only? | Advanced Internet Technologies

Support

1-877-209-5184

Sales

1-877-404-4149

How do I create an SSH user that is restricted to their home directory only?

Sep 18, 2023 | Linux Self Managed

This can be accomplished by enabling the rbash or restricted shell for the SSH user. Follow the steps below.

  1. Create the user on the server using the adduser command.
  2. Once the user is created, change the home directory in the `/etc/passwd` file. An example is below showing the home directory for each (see the 6th column in this example).
  3. user1:x:1217:1218::/home/user1:/bin/bash
  4. user2:x:1218:1219::/home/user2:/bin/bash
  5. user3:x:1219:1220::/home/user3:/bin/bash
  6. user4:x:1220:1221::/home/user4:/bin/bash

Change the shell from `/bin/bash` to `/bin/rbash` and save the file.

Link the /bin/bash binary to a new name called ‘rbash’. Use the following symbolic link command.

ln -s /bin/rbash /bin/bash

Edit the `/etc/ssh/sshd_config` and add the following to the bottom of the file.

Match group sftp

ForceCommand internal-sftp

ChrootDirectory %h

X11Forwarding no

AllowTcpForwarding no

Restart the sshd service. **NOTE: It is best to have another session connected via SSH in the event you lock yourself out.

service sshd restart

  1. Ensure the user’s home should be root-owned and have 755 permissions. This example is done on the user’s home directory of /home/user1 below.

chmod 755 /home/user1

chown root.root /home/user1