Hi,
It has been well over 10 years since I've used a linux server and need a simple SFTP server so I downloaded Core and thought I'd give it a try. Installed in a VMware environment and have the server installed.
I want to have a separate disk as a repository for the users and have successfully created that finally. I called it 'data'.
I created a new user and group of the same name and after some fiddling figured out how to get the home directory on this new data disk. Essentially I created a 'data' mount point with a 'user1' directory on it; when I log into the server as 'user1' I am there by default and I can create and modify files.
I edited the /etc/ssh/sshd_config file and added the following:
Subsystem sftp internal-sftp
Match Group user1
ChrootDirectory /data
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
This seems to work except when I SFTP into it as user1 I am at the root of /data directory and I cannot send files to it. So I modified the sshd_config file to add /user to the ChrootDirectory statement.
Now I get an error: Using username: user1
Authentication failed.
Any suggestions? What did I miss?
As root I also set chmod 770 /data/user1 thinking it was a user rights issue.
Thanks in advance,
Linn
Chroot directory in ssh_config must be owned by root
To use your example, /data will need to be owned by root (but readable by your user) and inside you will need a sub dir, owned by your user and named after them. E.g. /data/user1.
To avoid user confusion (dropping into a dir that they can read but not write to), you can (re)set the chrooted user's home as /user1. That works because /data is the root (/) of the chroot, therefore within the chroot, /data/user1 appears as /user1.
Hope that helps. :)
Oops, I forgot to mention, you'll need to change the ssh_config and set the home as /data/%u (which will resolve to /data/user1).
Still not getting it
Hi,
Thanks for the quick response. Here is where I'm at...
If I look at /etc/passwd I see:
user1:x:2000:2000:user1 User:/data/user1:/bin/bash
I followed the directions in the wiki you referenced as follows:
chown root:root /data/user1
mkdir /data/user1/files
chown user1:user1 /data/user1/files
chmod 700 /data/user1/files user1
usermod -d /files user1
So ls -l /data shows:
drwxrwx--- 5 root root 4096 Dec 15 14:10 user1
ls -l /data/user1
drwx------ 2 user1 user1 4096 Dec 15 14:10 files
And I changed the sshd_config:
ChrootDirectory /data/%u
And restarted the SSH service.
But I still get a network error when connecting via WinSCP Portable, which says:
Network error: Software caused connection abort
Authentication log (see session log for details):
Using username "user1".
Authentication failed.
What am I missing?
Thanks,
Linn
Only SFTP is supported, not SCP!
FWIW I just tested on a v14.2 LAMP that I had handy. I haven't set any of this up previously and here's what I did (copy pasted from the wiki):
Then in another terminal, it "just works"!:
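As an added example (not from this thread or from OpenSSH), the following Python check applies the ChrootDirectory rule given in the reply above and documented in sshd_config(5), that every component of the path must be a root-owned directory not writable by group or others, to a constructed tree reproducing the ls -l listings posted; the ownership and modes of / and /data are assumed, since the thread does not show them.

```python
import os
import stat
from typing import Callable, Dict, List, Tuple

def chroot_components(path: str) -> List[str]:
    """Every directory from "/" down to path: /data/user1 -> ["/", "/data", "/data/user1"]."""
    parts = [p for p in os.path.normpath(path).split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]

def check_chroot_path(path: str, stat_fn: Callable[[str], os.stat_result] = os.stat) -> List[str]:
    """Check each component of path the way sshd's ChrootDirectory rule requires: a root-owned
    directory that is not group- or world-writable. Returns a list of problems (empty means
    sshd would accept the path). stat_fn is injectable so the check can run on a constructed tree."""
    problems = []
    for comp in chroot_components(path):
        try:
            st = stat_fn(comp)
        except FileNotFoundError:
            problems.append(f"{comp}: does not exist")
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, must be root (uid 0)")
        if st.st_mode & 0o022:
            problems.append(f"{comp}: mode {stat.S_IMODE(st.st_mode):04o} is group- or world-writable")
    return problems

# Constructed tree mirroring the ls -l output in the thread (after chmod 770 and chown root:root).
# / and /data are assumed to be root-owned 0755; the thread does not show them.
Tree = Dict[str, Tuple[int, int]]  # path -> (uid, full st_mode)
THREAD_TREE: Tree = {
    "/": (0, 0o40755),
    "/data": (0, 0o40755),
    "/data/user1": (0, 0o40770),           # drwxrwx--- root root  (chroot target)
    "/data/user1/files": (2000, 0o40700),  # drwx------ user1 user1 (writable home)
}

def stat_from_tree(tree: Tree) -> Callable[[str], os.stat_result]:
    """Build a stat_fn that answers from the constructed tree instead of the real filesystem."""
    def fake_stat(path: str) -> os.stat_result:
        if path not in tree:
            raise FileNotFoundError(path)
        uid, mode = tree[path]
        return os.stat_result((mode, 0, 0, 1, uid, uid, 0, 0, 0, 0))
    return fake_stat

def problems_for(tree: Tree, chroot: str = "/data/user1") -> List[str]:
    """Run the check against a constructed tree; see the test for the 0770 vs 0755 outcome."""
    return check_chroot_path(chroot, stat_from_tree(tree))
```

On the live server, check_chroot_path('/data/user1') with the default stat_fn inspects the real filesystem; a directory left group-writable by chmod 770, as in the listing above, is flagged because sshd refuses such a chroot.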