Hi, the sshd_config manpage is very brief when describing what needs to be done to create a usable chroot environment.

<quote>
ChrootDirectory
Specifies the pathname of a directory to chroot(2) to after authentication. At session startup sshd(8) checks that all components of the pathname are root-owned directories which are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory. Arguments to ChrootDirectory accept the tokens described in the TOKENS section.

The ChrootDirectory must contain the necessary files and directories to support the user's session. For an interactive session this requires at least a shell, typically sh(1), and basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4), and tty(4) devices. For file transfer sessions using SFTP no additional configuration of the environment is necessary if the in-process sftp-server is used, though sessions which use logging may require /dev/log inside the chroot directory on some operating systems (see sftp-server(8) for details).

For safety, it is very important that the directory hierarchy be prevented from modification by other processes on the system (especially those outside the jail). Misconfiguration can lead to unsafe environments which sshd(8) cannot detect.

The default is none, indicating not to chroot(2).
</quote>

There is a nice webpage https://www.howtoforge.com/restricting-users-to-sftp-plus-setting-up-chrooted-ssh-sftp-debian-squeeze which links to a script make_chroot_jail.sh from http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/ . Unfortunately, nobody improved it to support Gentoo paths. Could a patched version be included in Gentoo?
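The ownership rule in the quoted manpage text, as an added example that is not part of the original report or of make_chroot_jail.sh: a POSIX sh audit that walks every component of a ChrootDirectory path and flags any that is not a directory, not root-owned, or writable by group or other. The function names are hypothetical, and a stat(1) that accepts -L -c (GNU coreutils or busybox) is assumed.

```shell
#!/bin/sh
# Added example. Assumes a stat(1) that accepts -L -c (GNU coreutils, busybox).
# check_component PATH UID: report and return 1 if PATH is not a directory,
# is not owned by UID, or is writable by group or other.
check_component() {
    cc_path=$1
    cc_uid=$2
    if [ ! -d "$cc_path" ]; then
        echo "FAIL $cc_path: not a directory"
        return 1
    fi
    cc_stat=$(stat -L -c '%u %a' "$cc_path") || return 1
    cc_owner=${cc_stat% *}
    cc_mode=${cc_stat#* }
    cc_rc=0
    if [ "$cc_owner" != "$cc_uid" ]; then
        echo "FAIL $cc_path: owner uid $cc_owner, expected $cc_uid"
        cc_rc=1
    fi
    # 022 masks the write bits for group and other.
    if [ $(( 0$cc_mode & 022 )) -ne 0 ]; then
        echo "FAIL $cc_path: mode $cc_mode is group- or other-writable"
        cc_rc=1
    fi
    return $cc_rc
}

# audit_chroot_path DIR [UID]: check "/" and every component down to DIR.
# UID defaults to 0 (root); the override is only for dry runs on scratch dirs.
audit_chroot_path() {
    ac_target=$1
    ac_uid=${2:-0}
    case $ac_target in
        /*) ;;
        *) echo "FAIL $ac_target: not an absolute path"; return 2 ;;
    esac
    ac_rc=0; ac_cur=
    check_component / "$ac_uid" || ac_rc=1
    # Split on "/" with globbing off so odd directory names are not expanded.
    ac_ifs=$IFS; IFS=/; set -f
    set -- $ac_target
    set +f; IFS=$ac_ifs
    for ac_part in "$@"; do
        [ -n "$ac_part" ] || continue
        ac_cur=$ac_cur/$ac_part
        check_component "$ac_cur" "$ac_uid" || ac_rc=1
    done
    return $ac_rc
}
```

Run `audit_chroot_path /path/to/jail` before pointing ChrootDirectory at it; a non-zero exit status means at least one component was reported.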
https://github.com/pmenhart/make_chroot_jail
https://github.com/pmenhart/make_chroot_jail/blob/master/make_chroot_jail.sh#L134
(In reply to Jeroen Roovers from comment #2)
> https://github.com/pmenhart/make_chroot_jail/blob/master/make_chroot_jail.sh#L134

I meant https://github.com/pmenhart/make_chroot_jail/blob/master/make_chroot_jail.sh#L120