Chroot in OpenSSH / SFTP Feature Added To OpenSSH
For regular user accounts, a properly configured chroot jail is a rock-solid security system. I've already written about chrooting SFTP sessions using rssh. According to the OpenBSD Journal, OpenSSH developers Damien Miller and Markus Friedl have recently added a chroot security feature to OpenSSH itself:
Unfortunately, setting up a chroot(2) environment is complicated, fragile and annoying to maintain. The most frequent reason our users have given when asking for chroot support in sshd is so they can set up file servers that limit semi-trusted users to be able to access certain files only. Because of this, we have made this particular case very easy to configure.
This commit adds a chroot(2) facility to sshd, controlled by a new sshd_config(5) option "ChrootDirectory". This can be used to "jail" users into a limited view of the filesystem, such as their home directory, rather than letting them see the full filesystem.
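sshd_config(5) requires that the ChrootDirectory path and every component above it be a root-owned directory that is not writable by group or others; a user-owned home directory fails this check and the session is refused. The pre-flight check below is an added example, not code from OpenSSH or from the original article; the function names, the `/srv/sftp/...` paths and the `SAMPLE_FS` table are constructed for illustration.

```python
import os
import stat
from pathlib import PurePosixPath

# Constructed sample: path -> (mode, owner uid), standing in for a real filesystem.
SAMPLE_FS = {
    "/": (0o040755, 0),
    "/srv": (0o040755, 0),
    "/srv/sftp": (0o040755, 0),
    "/srv/sftp/ok": (0o040755, 0),
    "/srv/sftp/alice": (0o040755, 1001),  # user-owned home directory
    "/srv/sftp/shared": (0o040775, 0),    # group-writable
}

def sample_stat(path):
    """stat() replacement that reads the constructed table above."""
    try:
        mode, uid = SAMPLE_FS[str(path)]
    except KeyError:
        raise FileNotFoundError(2, "No such file or directory", str(path))
    return os.stat_result((mode, 0, 0, 1, uid, 0, 0, 0, 0, 0))

def chroot_path_problems(chroot_dir, stat_fn=os.stat):
    """Return the reasons chroot_dir breaks the documented ChrootDirectory rule."""
    path = PurePosixPath(chroot_dir)
    if not path.is_absolute():
        return [f"{chroot_dir}: must be an absolute path"]
    problems = []
    # Walk "/" first, then each component down to the chroot directory itself.
    for comp in [path, *path.parents][::-1]:
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append(f"{comp}: cannot stat ({exc.strerror})")
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{comp}: group- or world-writable (mode {mode:04o})")
    return problems

if __name__ == "__main__":
    for d in ("/srv/sftp/ok", "/srv/sftp/alice", "/srv/sftp/shared"):
        print(d, chroot_path_problems(d, sample_stat) or "OK")
```

Called with the default `stat_fn`, the function checks the real filesystem, so it can be run against a planned ChrootDirectory before sshd is reloaded.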
Discussion on This Article:


Yes, this is a long time coming. You finally don’t have to jump through hoops now.
Any ideas when this will get placed into production and out of CVS? Hoping that it will be available in apt sources soon.
You mean I just did a whole upgrade to openssl, zlib, prngd, openssh, etc., and the chrootdirectory is still not in there. LOL!!! Looking forward to the release into production, and THANK YOU!!!
this is awesome. thanks.