Ubuntu SCP/SFTP Chroot Helper Script
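#!/bin/bash
#
# Ubuntu SCP/SFTP chroot helper.
#
# Populates an existing directory with the binaries, libraries, account
# files and device nodes that bash, ls, scp and sftp-server need, so the
# directory can be used as an sshd ChrootDirectory for one account.
#
# Edit `username` and `chroot` below, then run as root. The script can be
# re-run on the same directory.
#
# Ownership model: the jail root and everything under bin, usr, lib, lib64,
# etc and dev stay root-owned, so the jailed account cannot replace the
# shell, the libraries or the account files it is confined with. Any other
# top-level entry in the jail is treated as user data and handed to the
# account. sshd requires the ChrootDirectory itself to be root-owned and not
# writable by anyone else, so give the account a subdirectory to write into.
set -euo pipefail
umask 022 # copied files must stay readable by the jailed account

username="user"
chroot="/path/to/folder/to/chroot"

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Copy the shared libraries a binary links against into the jail, keeping
# their absolute paths. ldd is only pointed at trusted system binaries here;
# do not reuse this helper on files an unprivileged user controls.
copy_deps() {
  local binary=$1
  local deps
  local -a libs=()
  deps=$(ldd "$binary") || die "ldd failed for $binary"
  mapfile -t libs < <(awk '$2 == "=>" && $3 ~ /^\// { print $3 }' <<<"$deps")
  if (( ${#libs[@]} > 0 )); then
    cp --parents -- "${libs[@]}" "$chroot"
  fi
}

# Create a character device unless it is already there; a non-device file
# at that path makes mknod fail, which stops the script instead of trusting it.
make_node() {
  local path=$1 major=$2 minor=$3
  [[ -c "$path" ]] || mknod -m 666 "$path" c "$major" "$minor"
}

(( EUID == 0 )) || die "must run as root (mknod, mount and chown need it)"
[[ -d "$chroot" ]] || die "chroot directory does not exist: $chroot"
group=$(id -gn -- "$username") || die "unknown user: $username"

# create the chrooted directory structure
mkdir -p -- \
  "$chroot/bin" \
  "$chroot/usr/bin" \
  "$chroot/usr/lib/x86_64-linux-gnu" \
  "$chroot/usr/lib/openssh" \
  "$chroot/lib/x86_64-linux-gnu" \
  "$chroot/lib64" \
  "$chroot/etc" \
  "$chroot/dev/pts"

# copy all dependencies
copy_deps /bin/bash
copy_deps /usr/bin/scp
copy_deps /usr/lib/openssh/sftp-server
copy_deps /bin/ls
cp -- /lib/x86_64-linux-gnu/libnss* "$chroot/lib/x86_64-linux-gnu/"
cp -- /lib/x86_64-linux-gnu/libtic.so* "$chroot/lib/x86_64-linux-gnu/"
cp -- /lib64/ld-linux-x86-64.so.2 "$chroot/lib64/"
cp -- /usr/lib/x86_64-linux-gnu/libssl.so.1.1 "$chroot/usr/lib/x86_64-linux-gnu/"
cp -- /bin/bash "$chroot/bin/"
cp -- /usr/bin/scp "$chroot/usr/bin/scp"
cp -- /usr/lib/openssh/sftp-server "$chroot/usr/lib/openssh/"
cp -- /bin/ls "$chroot/bin/"
cp -r -- /etc/ld.so* "$chroot/etc/"

# Only root and the jailed account are written to the jail's passwd/group:
# a full copy of the host files would list every local account and group
# membership to the confined user.
getent passwd root "$username" >"$chroot/etc/passwd"
getent group root "$group" >"$chroot/etc/group"

# create non-files
make_node "$chroot/dev/null" 1 3
make_node "$chroot/dev/tty" 5 0
make_node "$chroot/dev/zero" 1 5
make_node "$chroot/dev/random" 1 8

# The bind mount does not survive a reboot; add an fstab entry if the jail
# must come back automatically. Skipped when already mounted so re-runs do
# not stack mounts.
mountpoint -q "$chroot/dev/pts" || mount --bind /dev/pts "$chroot/dev/pts"

# get the directory permissions right
# System directories are forced back to root, which also repairs a jail that
# was previously handed to the account wholesale.
chown -R --no-dereference -- root:root \
  "$chroot/bin" "$chroot/usr" "$chroot/lib" "$chroot/lib64" "$chroot/etc"

# dev is handled entry by entry and never recursively: dev/pts is a bind
# mount of the host's devpts, so a recursive chown would change the owner of
# every live terminal on the host.
chown -- root:root \
  "$chroot" "$chroot/dev" \
  "$chroot/dev/null" "$chroot/dev/tty" "$chroot/dev/zero" "$chroot/dev/random"

# Everything else at the top of the jail is user data. --no-dereference keeps
# a symlink planted in that data from redirecting the chown to a host file.
shopt -s nullglob dotglob
for entry in "$chroot"/*; do
  case "${entry##*/}" in
    bin | usr | lib | lib64 | etc | dev) continue ;;
  esac
  chown -R --no-dereference -- "$username:$group" "$entry"
done
shopt -u nullglob dotglob

chmod 0755 -- "$chroot" "$chroot/bin"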
This will allow you to set a `ChrootDirectory` for a user or group in the `sshd_config` file on the server. Users will be jailed to that folder without access to the wider filesystem. This has been tested on Ubuntu 20.04, and was modified from a version that worked for Amazon Linux.