Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-expand-tabs-free domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/websitedevait/public_html/wp-includes/functions.php on line 6131
How do I create an SSH user that is restricted to their home directory only? | Advanced Internet Technologies

Support

1-877-209-5184

Sales

1-877-404-4149

How do I create an SSH user that is restricted to their home directory only?

Jul 20, 2023 | SSH (Secure Shell)

This can be accomplished by enabling the rbash or restricted shell for the SSH user. Follow the steps below.

  • Create the user on the server using the adduser command.
  • Once the user is created, change the home directory in the /etc/passwd file. An example is below showing the home directory for each (see the 6th column in this example).
user1:x:1217:1218::/home/user1:/bin/bash
user2:x:1218:1219::/home/user2:/bin/bash
user3:x:1219:1220::/home/user3:/bin/bash
user4:x:1220:1221::/home/user4:/bin/bash
  • Change the shell from /bin/bash to /bin/rbash and save the file.
  • Link the /bin/bash binary to a new name called ‘rbash’. Use the following symbolic link command.
ln -s /bin/rbash /bin/bash
  • Edit the /etc/ssh/sshd_config and add the following to the bottom of the file.
Match group sftp
ForceCommand internal-sftp
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
  • Restart the sshd service. **NOTE: It is best to have another session connected via SSH in the event you lock yourself out.
service sshd restart
  • Ensure the user’s home should be root-owned and have 755 permissions. This example is done on the user’s home directory of /home/user1 below.
chmod 755 /home/user1
chown root.root /home/user1