SSH - ChrootDirectory not working

Your permissions on / are too open.
I wonder how you ended up with that.
That should be 0755.
So you'll need to change that.

The rest looks OK.
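As an added example (not part of the original answer, and not OpenSSH's own code), the script below reproduces the rule sshd enforces before it honours ChrootDirectory: every component of the path from the root down to the chroot (here /, /home and /home/test) must be owned by root and must not be group- or world-writable. Because the walk starts at the root, a 0777 "/" is the first component rejected, which is exactly what the auth.log line "bad ownership or modes for chroot directory component "/"" reports. It assumes GNU coreutils stat (Linux); the optional BASE and OWNER_UID arguments are assumptions added only so the walk can be exercised on a constructed directory tree instead of the live root.

```shell
#!/bin/bash
# Added example (not OpenSSH's code): pre-check a ChrootDirectory path the way
# sshd does before accepting it. Every component from the root down must be
# owned by root and must not be writable by group or others.
# Assumes GNU coreutils stat (Linux).

# check_component PATH OWNER_UID
#   Prints a diagnostic for each violated rule; returns 1 if any rule failed.
check_component() {
    p=$1
    want_uid=$2
    uid=$(stat -c '%u' "$p") || return 1
    mode=$(stat -c '%a' "$p") || return 1      # e.g. 755, 777, 1777
    bad=0
    if [ "$uid" != "$want_uid" ]; then
        printf 'BAD owner: %s is owned by uid %s, expected %s\n' "$p" "$uid" "$want_uid"
        bad=1
    fi
    # 022 masks the group-write (020) and other-write (002) bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        printf 'BAD mode:  %s has mode %s (group/world writable)\n' "$p" "$mode"
        bad=1
    fi
    return $bad
}

# check_chroot_path PATH [BASE] [OWNER_UID]
#   Walks PATH one component at a time starting at BASE (default "/"),
#   checking each one. Returns 0 only if every component passes.
#   BASE and OWNER_UID (default 0, root) are assumptions added so the walk
#   can be run against a constructed directory tree; for a real sshd_config
#   leave them at their defaults.
check_chroot_path() {
    target=$1
    base=${2:-/}
    want_uid=${3:-0}
    rc=0

    rel=${target#"$base"}          # part of PATH below BASE
    rel=${rel#/}
    cur=${base%/}                  # "" when BASE is "/"
    comp=${cur:-/}

    while :; do
        check_component "$comp" "$want_uid" || rc=1
        [ -n "$rel" ] || break
        head=${rel%%/*}
        case $rel in
            */*) rel=${rel#*/} ;;
            *)   rel="" ;;
        esac
        cur="$cur/$head"
        comp=$cur
    done

    if [ "$rc" -eq 0 ]; then
        printf 'OK: every component of %s is root-owned and not group/world writable\n' "$target"
    fi
    return $rc
}

# Usage: ./check_chroot.sh /home/test   (same path as the ChrootDirectory value)
[ $# -eq 0 ] || check_chroot_path "$@"
```

Run it as root with the same path you put in ChrootDirectory; a non-zero exit and a "BAD" line name the component that sshd will refuse, which is quicker than reading the failure out of auth.log after each login attempt. Note that the sticky bit on a directory such as 1777 does not rescue it: the 022 mask still sees the write bits.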

Author: Jonathan Gaudé

Updated on September 18, 2022

Comments

  • Jonathan Gaudé
    Jonathan Gaudé almost 2 years

    I am trying to chroot a "test" user (group sftp) to /home/test. I've added the following lines at the end of my sshd_config:

    Subsystem sftp internal-sftp
    
    Match User test
        ChrootDirectory /home/test
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
    

    The home and test directories have 755 permissions and are owned by root. I have also tried with ChrootDirectory /home.

    root@Debian:/# namei -l /home/test
    f: /home/test
    drwxrwxrwx root root /
    drwxr-xr-x root root home
    drwxr-xr-x root root test
    

    I am unable to connect to the server via SFTP or SSH (whether I include Subsystem sftp internal-sftp and ForceCommand internal-sftp or not). As soon as I log in I get the following message:

    Write failed: Broken pipe
    

    ... and the following is appended to auth.log:

    May 12 13:48:29 Reach sshd[25503]: Accepted password for test from 192.168.0.10 port 51058 ssh2
    May 12 13:48:29 Reach sshd[25503]: pam_unix(sshd:session): session opened for user test by (uid=0)
    May 12 13:48:29 Reach sshd[25505]: fatal: bad ownership or modes for chroot directory component "/"
    May 12 13:48:29 Reach sshd[25503]: pam_unix(sshd:session): session closed for user test
    

    Apparently the problem is it's trying to chroot to "/" when it should be "/home/test". What am I missing? I've left the rest of sshd_config at default values, and there is no other ChrootDirectory directive...

    Thank you.

    • faker
      faker about 9 years
      Can you include the output of namei -l /home/test in your question?
    • Jonathan Gaudé
      Jonathan Gaudé about 9 years
      Edited my question.
  • Jonathan Gaudé
    Jonathan Gaudé about 9 years
    Ahhh indeed, thank you, I didn't even bother checking... The server is a Synology NAS, I guess the Synology file server must have messed with the permissions somehow. Much work to do now...