Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # change username and password here:
- username="user"
- password="user"
- # create groups
- groupadd sftp
- # create chrooted user
- useradd -m $username -G sftp
- echo $username:$password | chpasswd
- # enable password authentication in sshd
- cp /etc/ssh/sshd_config /etc/ssh/sshd_config.before_chroot
- cat /etc/ssh/sshd_config | sed -e "s/PasswordAuthentication no/PasswordAuthentication yes/" > /etc/ssh/temp_sshd_config
- mv -f /etc/ssh/temp_sshd_config /etc/ssh/sshd_config
- # disable default sftp subsystem configuration in sshd
- sed -e '/Subsystem sftp/ s/^#*/#/' -i /etc/ssh/sshd_config
- # add sftp subsystem configuration to sshd
- echo "Subsystem sftp internal-sftp" >> /etc/ssh/sshd_config
- echo "Match Group sftp" >> /etc/ssh/sshd_config
- echo " ChrootDirectory %h" >> /etc/ssh/sshd_config
- echo " AllowTcpForwarding no" >> /etc/ssh/sshd_config
- # restart ssh service
- #/etc/init.d/sshd restart
- systemctl restart sshd
- # create the chrooted directory structure
- mkdir /home/$username/bin
- mkdir /home/$username/dir
- mkdir /home/$username/usr
- mkdir /home/$username/usr/bin
- mkdir /home/$username/usr/lib64
- mkdir /home/$username/usr/libexec
- mkdir /home/$username/lib/
- mkdir /home/$username/lib64
- mkdir /home/$username/etc
- mkdir /home/$username/dev
- mkdir /home/$username/dev/pts
- # create non-files
- mknod -m 666 /home/$username/dev/null c 1 3
- mknod -m 666 /home/$username/dev/tty c 5 0
- mknod -m 666 /home/$username/dev/zero c 1 5
- mknod -m 666 /home/$username/dev/random c 1 8
- mount --bind /dev/pts /home/$username/dev/pts
- # get the directory permissions right
- chown $username.$username /home/$username/. -R
- chmod 0755 /home/$username/bin
- chmod 0666 /home/$username/.bashrc
- chown root.root /home/$username
- chmod 0755 /home/$username
Add Comment
Please, Sign In to add comment