Chrooted SFTP with full access to SSH stopped working (Debian)
Based on your description, this sounds like the correct behavior.
ForceCommand internal-sftp makes it so that the matched group can ONLY connect via sftp, and not ssh.
If you wish to allow both ssh and sftp for the users in the sftp-chroot group, you'll need to remove that line. However, at that point I believe the ssh connections will be chrooted as well.
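Added example, not part of the original answer or of OpenSSH: a simplified Python model of how a Match Group block decides what a login gets, run against the configuration and group list from the question. The function names effective_settings and session_kind are hypothetical, and the config text is a constructed layout of the settings quoted in the question.

```python
# Simplified model of how sshd applies "Match Group" blocks (added example).
# Handles only a single Group criterion with exact names; patterns, negation
# and other criteria (User, Address, ...) are out of scope.

# Constructed sample, laid out from the settings quoted in the question.
SSHD_CONFIG = """\
Subsystem sftp internal-sftp

Match Group sftp-chroot
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
"""

# Group list as posted in the question.
USER_GROUPS = "my_login cdrom floppy sudo audio dip video plugdev sftp-chroot".split()


def effective_settings(config_text, groups):
    """Return the keywords that matching Match Group blocks set for a user."""
    settings, active = {}, False  # inactive while in the global section
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = value.split()
            active = (len(crit) == 2 and crit[0].lower() == "group"
                      and bool(set(crit[1].split(",")) & set(groups)))
        elif active:
            settings.setdefault(keyword, value)  # first value obtained wins
    return settings


def session_kind(settings):
    """Classify what a plain `ssh user@host` login would get."""
    if settings.get("forcecommand", "").startswith("internal-sftp"):
        return "sftp-only"       # shell request refused, as in the question
    if settings.get("chrootdirectory", "none").lower() != "none":
        return "chrooted-shell"  # shell would start inside ChrootDirectory
    return "shell"


if __name__ == "__main__":
    print(session_kind(effective_settings(SSHD_CONFIG, USER_GROUPS)))  # sftp-only
```

On a live server, sshd -T with a -C connection specification prints the effective configuration that sshd itself computes for a given user.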
tcoolspy
Updated on September 18, 2022
tcoolspy almost 2 years
I've got a home server on Debian 6 for backups. I'd like to set up a chrooted SFTP environment with SSH access for some users (only for my knowledge, there are two users now). It almost works or rather worked until yesterday. In /etc/ssh/sshd_config I set up a special chrooted group:

    Subsystem sftp internal-sftp
    [...]
    Match Group sftp-chroot
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

I've created this group and added my account to it. Next I've changed chmod and chown like in this tutorial (or others very similar). It worked for two days. Yesterday evening I couldn't log in to my server - nothing has been changed since last time. The console just returned:

    This service allows sftp connections only.
    Connection to xxx.xxx.xxx.xxx closed.

It's clear, but how has it worked before? Removing the user from the sftp-chroot group solves this problem but of course causes no chroot on SFTP. I'm connecting that way:

    ssh [email protected]

I'm in groups:

    my_login cdrom floppy sudo audio dip video plugdev sftp-chroot

The last entries from /var/log/auth.log are:

    Jun 4 13:59:54 debian sshd[1132]: Server listening on 0.0.0.0 port 22.
    Jun 4 13:59:54 debian sshd[1132]: Server listening on :: port 22.
    Jun 4 14:02:50 debian sshd[1185]: Accepted password for my_login from 10.0.0.10 port 57431 ssh2
    Jun 4 14:02:50 debian sshd[1185]: pam_unix(sshd:session): session opened for user my_login by (uid=0)
    Jun 4 14:02:50 debian sshd[1188]: Received disconnect from 10.0.0.10: 11: disconnected by user
    Jun 4 14:02:50 debian sshd[1185]: pam_unix(sshd:session): session closed for user my_login

There's also vsftpd and rssh installed on the server. I've read a lot of tutorials and documentation, tried different directory permissions and owners. Nothing helped. I saw in comments that some people also had this problem but any tip how to work it out. Maybe someone could help or has encountered the same issue? Thanks in advance.
If something isn't clear I will try to describe it better. I'm not a native English speaker ;)