Ubuntu - rssh - sftp only, with chroot


Here’s how to set up rssh on Ubuntu to allow sftp only, with a chroot directory. Note that these instructions are for Ubuntu Server 9.04 x64; other versions may require c

First, add the rssh package.

sudo apt-get install rssh

Second, edit /etc/rssh.conf. Uncomment the #allowsftp line and one of the #chrootpath lines, and set the chrootpath to wherever you want your top-level chroot directory.

Third, modify or add whichever users you want to access using sftp and set their shell to /usr/bin/rssh.

Fourth, set up the chroot environment, which includes copying the following from the main system into your chroot directory:


Additionally, set up these links, again copying what’s set up in the main system.


You may want to strip out users/groups you don’t want visible from the etc/passwd and etc/group files.

Fifth, create a dev directory in your chroot directory, then create a /dev/null in it as follows.

mknod -m 666 dev/null c 1 3

Sixth, edit /etc/default/syslogd and update the SYSLOGD="" line as follows.

SYSLOGD="-a /[chroot dir]/dev/log"

Then restart syslogd.

sudo /etc/init.d/sysklogd restart

Finally, test.

Note that if you add users/groups to the system /etc/passwd and /etc/group files they will need to be copied again (possibly just the new lines) into the appropriate files in the chroot directory’s etc.
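To check the result of the steps above, here is an added example (not part of the original post): a shell script that confirms rssh.conf enables sftp only with a chrootpath set, lists rssh users not yet copied into the chroot's etc/passwd, and tests for the chroot's dev/null. The function names, the /srv/sftp path and the alice/bob accounts are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit an rssh sftp-only chroot setup. All file paths are caller-supplied.

# Print the active chrootpath; fail unless allowsftp is the only protocol enabled.
check_rssh_conf() {
    enabled=$(awk '/^[ \t]*allow[a-z]+[ \t]*$/ { print $1 }' "$1" | sort -u | xargs)
    [ "$enabled" = "allowsftp" ] || { echo "enabled protocols: ${enabled:-none}" >&2; return 1; }
    jail=$(awk -F= '/^[ \t]*chrootpath[ \t]*=/ { v = $2; gsub(/^[ \t"]+|[ \t"]+$/, "", v); p = v }
                    END { print p }' "$1")
    [ -n "$jail" ] || { echo "chrootpath is not set" >&2; return 1; }
    printf '%s\n' "$jail"
}

# Users in a passwd file whose login shell is /usr/bin/rssh.
rssh_users() { awk -F: '$7 == "/usr/bin/rssh" { print $1 }' "$1"; }

# rssh users present in the system passwd ($1) but not yet in the chroot's etc/passwd ($2).
missing_in_chroot() {
    for u in $(rssh_users "$1"); do
        grep -q "^$u:" "$2" || echo "$u"
    done
}

# The chroot needs its own dev/null character device (the mknod step).
has_dev_null() { [ -c "$1/dev/null" ]; }

# Constructed sample files (not from a real system), written under directory $1.
write_sample() {
    mkdir -p "$1/jail/etc"
    printf '%s\n' 'logfacility = LOG_USER' 'allowsftp' '#allowscp' 'umask = 022' \
        '#chrootpath = /usr/local/chroot' 'chrootpath = /srv/sftp' > "$1/rssh.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1001:1001::/home/alice:/usr/bin/rssh' \
        'bob:x:1002:1002::/home/bob:/usr/bin/rssh' > "$1/passwd"
    printf '%s\n' 'alice:x:1001:1001::/home/alice:/usr/bin/rssh' > "$1/jail/etc/passwd"
}

# Demo run against the constructed sample.
tmp=$(mktemp -d)
write_sample "$tmp"
echo "chrootpath: $(check_rssh_conf "$tmp/rssh.conf")"
echo "not yet in chroot passwd: $(missing_in_chroot "$tmp/passwd" "$tmp/jail/etc/passwd" | xargs)"
has_dev_null "$tmp/jail" || echo "dev/null missing in $tmp/jail"
rm -rf "$tmp"
```

On a real host, pass /etc/rssh.conf, /etc/passwd and the etc/passwd inside your chroot directory instead of the sample files.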

