I’m having problems setting up sftp with a ChrootDirectory. I’ve done an equivalent setup on other distros, but for some reason I cannot get it to work on a Redhat AMI.
The changes to my sshd_config file are:
    Subsystem sftp internal-sftp
    Match Group ftponly
        PasswordAuthentication yes
        X11Forwarding no
        ChrootDirectory %h
        ForceCommand internal-sftp
        AllowTcpForwarding no
I have the concerned users’ homes at /home/user, owned by root. After connecting with a user in the ftponly group, I’m dropped into / without permissions for anything, and am unable to do anything.
    sftp bob@localhost
    Connecting to localhost...
    bob@localhost's password:
    sftp> pwd
    Remote working directory: /
I can connect normally with users not in the ftponly group.
openssh version 5.3
I’ve experimented with different permissions, as well as having users own their own home directory (gives a Write failed: Broken pipe error), and so far, nothing has seemed to work.
I’m sure it’s a permissions error, or something equally as trivial, but at this point my eyes are beginning to glaze over, and any help would be greatly appreciated.
EDIT:
James and Madhatter, thanks for clarifying. I was confused by chroot dropping me in /… just didn’t think through it properly. I’ve added the appropriate directories and permissions to get read access. One other key part was enabling write access to chrooted homes:
setsebool -P ssh_chroot_rw_homedirs on
in order to get write access. I think I’m all set now. Thanks for the help.
Answer
ChrootDirectory %h
will chroot the user’s home directory to /. I may be wrong, but the reason that you cannot do anything is because the necessary support files do not exist in the chroot jail. A quick search for "configure ssh chroot" brings me to this page, http://www.techrepublic.com/blog/opensource/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/229, where you make the necessary files available.
Attribution
Source: Link, Question Author: Curtis_w, Answer Author: James Park-Watt
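An added example, not part of the original question or answer: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, and this script audits a path against that rule. The `stat_fn` parameter, `FakeStat`, the `SAMPLE` table and uid 500 are constructed for illustration.

```python
import os
import stat
import sys
from collections import namedtuple

# Stand-in for os.stat_result, used only by the constructed sample below.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")

def chroot_components(path):
    """Yield every prefix of path: '/', '/home', '/home/bob'."""
    current = "/"
    yield current
    for part in [p for p in os.path.normpath(path).split("/") if p]:
        current = os.path.join(current, part)
        yield current

def audit_chroot(path, stat_fn=os.stat):
    """Return (component, problem) pairs that break the ChrootDirectory rule."""
    problems = []
    for comp in chroot_components(path):
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append((comp, "cannot stat: %s" % exc.strerror))
            continue
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append((comp, "group- or world-writable (mode %o)" % mode))
    return problems

# Constructed sample: a home directory owned by the user (uid 500 is made up).
SAMPLE = {
    "/": FakeStat(0, stat.S_IFDIR | 0o755),
    "/home": FakeStat(0, stat.S_IFDIR | 0o755),
    "/home/bob": FakeStat(500, stat.S_IFDIR | 0o700),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:          # audit a real path on this host
        found = audit_chroot(sys.argv[1])
    else:                          # no argument: run on the constructed sample
        found = audit_chroot("/home/bob", SAMPLE.__getitem__)
    for comp, problem in found:
        print("%s: %s" % (comp, problem))
```

An empty result means the path passes the ownership and mode rule; it says nothing about SELinux booleans such as `ssh_chroot_rw_homedirs`.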