Shami's Blog

DevOps because uptime is not optional

FreeBSD SCP Chroot

· 1 min read FreeBSD

Quick one here, if you want to create an SCP only user on FreeBSD just do the following

1pw user add USERNAME -d /USERNAME
2mkdir /path/to/chroot/folder
3chown root:wheel /path/to/chroot/folder
4mkdir /path/to/chroot/folder/USERNAME
5chown USERNAME:USERNAME /path/to/chroot/folder/USERNAME

Now add the following at the end of your sshd_config

1Match User USERNAME
2    ChrootDirectory /path/to/chroot/folder
3    X11Forwarding no
4    AllowTcpForwarding no
5    ForceCommand       internal-sftp

Now run service sshd reload And you’ll be good to go. When the user logs in they will notice the path as /USERNAME. If you don’t want that you can set the home direct ory of the user to / but in that case the user would only have read only access to their home folder which might not be what you want.

About Me

Dev gone Ops gone DevOps. Any views expressed on this blog are mine alone and do not necessarily reflect the views of my employer.

Recent Posts

Categories