# How to jail the sftp users to home directorys ?

## EstebanGonzales

Hi im looking to Install a Secure FTP Server on one of my systems/ 

Can anyone reccomend a good one to use ? 

I need to be able to upload files to the server from remote locations mostly for windows users and some linux.

I need one that is fairly easy to use. 

Thanks   :Very Happy: Last edited by EstebanGonzales on Sun Oct 17, 2010 10:39 am; edited 1 time in total

----------

## TJNII

Enable SFTP support in ssh.

Uncomment the following line in your sshd_config file:

```
Subsystem       sftp    /usr/lib/misc/sftp-server
```

If memory serves the clients I use are sftp for Linux and win-scp for Windows.  I haven't used it in a while, though.  This rides on top of ssh, so you don't need to forward anything other than your ssh port.

Don't use old-school FTP.  Clear text passwords are bad, mmmkay?

----------

## EstebanGonzales

Ok excellent thanks I will give this ago. 

Is there any important things I need to no when enabling this ? 

Can i make the users chrooted into there own www directorys so they can not move around the Server ? 

If so how would i go about doing this ? 

Cheers

----------

## TJNII

If you want to chroot and jail the users vsftpd may be better as I don't think sftp can do that.  vsftpd is plain ftp so it does have the issue of clear text passwords, but you should be able to encrypt it to mitigate that problem.  I believe vsftpd is programmed with what you want to do in mind, so look into that.

I can't offer specific advice beyond that, I've only used vsftpd to set up a very basic FTP server to push drivers into EFI.

----------

## EstebanGonzales

Im looking to do it through shh i no it can be done but now sure how to set it up .

----------

## Ant P.

You want ChrootDirectory. man sshd_config.

----------

## EstebanGonzales

Ok thanks for your reply but the man file doesnt reall explaine at all how to set this up.

----------

## Ant P.

```
Match User sftpuser*

    ChrootDirectory /home/%u

    ForceCommand internal-sftp

```

etc.

----------

## Goverp

 *TJNII wrote:*   

> If you want to chroot and jail the users vsftpd may be better as I don't think sftp can do that.  vsftpd is plain ftp so it does have the issue of clear text passwords, but you should be able to encrypt it to mitigate that problem.  I believe vsftpd is programmed with what you want to do in mind, so look into that. ...EFI.

 

Sadly, it's not at all easy to add encryption to a straight FTP implementation.  SFTP uses a completely different approach to provide a secure connection.

What this means is that vsftp is not suitable if you want a secure connection; where it is useful is when you want to offer plain FTP with decent control on what clients can do.  If you want a secure connection, you need SFTP.

----------

## EstebanGonzales

Sftp is what i need and is what I have at the moment. 

What im trying to do is jail the users but having extreme problems doing this

----------

## py-ro

You can simply use proftpd with mod_sftp. But, either ssh or sftp must change its port.

Py

----------

