SFTP Jail

SFTP Jail

I’m not an ISP and only provide site hosting to clients who we’ve developed sites for. Generally our clients don’t get access to their sites via SFTP since we do the site updates and we’re just not set up to let clients start FTPing on our servers. The clients who do need to make updates to their sites can either use the CMS we build for them or they can go to a ISP to host their site for them.

I’ve recently run into an exception where we needed to provide SFTP access to a couple of our clients. SFTP means we’d need to give them SSH access which translates into shell access. I’m not keen on giving shell access on my servers to anyone but my staff (and even then only to a select few). I’ve known about SSH jails, but never had a need to create one…until now.

So, I went at it and made myself a SSH jail for these select clients. I can now provide SFTP access to the clients web accounts while preventing them from being able to navigate to arbitrary locations on the server (and no shell access). Other than a few security alterations, I basically followed these directions to set up the server with a jail.