Using OpenSSH you can bind SSH, SFTP and SCP users to their home directory and restrict them from accessing other directories on the SSH server. In this article we will configure SCP in a chroot ssh jail, inside the secure chroot ssh environment.
Setting up a secure or chroot ssh and scp environment requires a sandbox environment which has its own libraries and binaries. In this article, we'll bind all scp users who are part of the chrootssh group into the /data/chroot-ssh directory. This article has been tested on CentOS 7 and RHEL 7. You can refer to the steps given in this article to configure chroot ssh and scp on other Linux distributions.
- In order to set up SCP in a chroot ssh jail, the prerequisite is a working chroot SSH environment.
- After the chroot ssh environment setup is completed, execute the following set of commands to get the scp command working in the chroot ssh sandbox environment.
- Remove all contents from the /data/chroot-ssh/lib64 directory, then mount /lib64 on the /data/chroot-ssh/lib64 directory with the mount bind option.

```bash
rm -rf /data/chroot-ssh/lib64/*
mount --bind /lib64 /data/chroot-ssh/lib64
```

To make the above mount permanent, add the following configuration in the /etc/fstab file.

```
/lib64 /data/chroot-ssh/lib64 - defaults,bind 0 0
```
- Copy the scp binary to the /data/chroot-ssh/bin/ directory.

```bash
cp -p /usr/bin/scp /data/chroot-ssh/bin/
```
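- Create a passwd and group file in the /data/chroot-ssh/etc directory and then copy the specific ssh user and group information to those passwd and group files.

```bash
# sample chroot ssh user is testssh and group is chrootssh
cd /data/chroot-ssh/etc
# Anchor the match to the name field so that only the intended
# entries are copied (a bare "grep testssh" also matches e.g. testssh2).
grep '^chrootssh:' /etc/group >> group
grep '^testssh:' /etc/passwd >> passwd
```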
- Now restart sshd service then test scp file transfer from the client system.
Execute the following commands to test ssh login and scp file transfer.

```
# SCP file transfer
$ scp file1.txt firstname.lastname@example.org:~/
email@example.com's password:
file1.txt 100% 0 0.0KB/s 00:00

# SSH Login
$ ssh firstname.lastname@example.org
email@example.com's password:
-bash-4.2$ pwd
/home/testssh
-bash-4.2$ ls
file1.txt
```
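If the transfer test fails, the jail built in the steps above can be checked piece by piece. The script below is an added example, not part of the original article: `check_jail` is a hypothetical helper that verifies the jail root's ownership and mode (sshd rejects a ChrootDirectory that is not root-owned or is writable by group or others), the copied scp binary, a populated lib64, and the passwd and group entries. It assumes GNU stat and find, as shipped with CentOS 7 and RHEL 7.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a chroot jail prepared for scp.
# check_jail is a hypothetical helper, not part of OpenSSH.
# Usage: bash check_jail.sh /data/chroot-ssh testssh chrootssh

check_jail() {
    # $4 (expected owner) defaults to root; it is a parameter only so the
    # check can be exercised on a scratch directory.
    local root="$1" user="$2" group="$3" owner="${4:-root}" rc=0

    # sshd refuses a ChrootDirectory that is not owned by root or that is
    # writable by group or others (see ChrootDirectory in sshd_config(5)).
    if [ "$(stat -c %U "$root" 2>/dev/null)" != "$owner" ]; then
        echo "FAIL: $root is not owned by $owner"; rc=1
    fi
    if [ -n "$(find "$root" -maxdepth 0 -perm /022 2>/dev/null)" ]; then
        echo "FAIL: $root is group- or world-writable"; rc=1
    fi

    # The scp binary copied into the jail must exist and be executable.
    if [ ! -x "$root/bin/scp" ]; then
        echo "FAIL: $root/bin/scp is missing or not executable"; rc=1
    fi

    # lib64 was emptied and then bind-mounted; if the mount is not active,
    # the directory is empty and scp cannot load its libraries.
    if [ -z "$(ls -A "$root/lib64" 2>/dev/null)" ]; then
        echo "FAIL: $root/lib64 is empty (bind mount not active?)"; rc=1
    fi

    # The jail's own passwd and group files must carry the entries.
    if ! grep -q "^${user}:" "$root/etc/passwd" 2>/dev/null; then
        echo "FAIL: $user has no entry in $root/etc/passwd"; rc=1
    fi
    if ! grep -q "^${group}:" "$root/etc/group" 2>/dev/null; then
        echo "FAIL: $group has no entry in $root/etc/group"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $root looks ready for scp as $user"
    return "$rc"
}

# Run the check only when jail root, user and group are given as arguments.
if [ $# -ge 3 ]; then
    check_jail "$@"
fi
```

The function returns non-zero when any check fails, so it can gate the sshd restart in a provisioning script.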