asked on Chroot SFTP not workng in Ubuntu
Guys,
I'm facing a weird problem while trying to setup Chroot SFTP on ubuntu server. SSH is getting crashed whenever I am trying to setup Chroot SFTP. Logs are not showing any error. The only error in logs was related to LOCALE environment and I had fixed now. This error does not seem to be related to chroot. In short I'm clueless. I had tried the following steps.
1. Created new user for SFTP
2. Commented the existing "Subsystem sftp" and added the following.
Subsystem sftp internal-sftp
3. Added the following lines for user.
Match User sftpuser
ChrootDirectory /home
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
4, Set permissions for sftp directory to root.user
5. Restarted ssh and its down.
I had tried commenting the "UserPam" in ssh config as well. This is the same for ubuntu 11 and ubuntu 12. Can anyone share some ideas?
Regards,
Asv.
I'm facing a weird problem while trying to setup Chroot SFTP on ubuntu server. SSH is getting crashed whenever I am trying to setup Chroot SFTP. Logs are not showing any error. The only error in logs was related to LOCALE environment and I had fixed now. This error does not seem to be related to chroot. In short I'm clueless. I had tried the following steps.
1. Created new user for SFTP
2. Commented the existing "Subsystem sftp" and added the following.
Subsystem sftp internal-sftp
3. Added the following lines for user.
Match User sftpuser
ChrootDirectory /home
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
4, Set permissions for sftp directory to root.user
5. Restarted ssh and its down.
I had tried commenting the "UserPam" in ssh config as well. This is the same for ubuntu 11 and ubuntu 12. Can anyone share some ideas?
Regards,
Asv.
LinuxLinux SecuritySSH / Telnet Software
Last Comment
Linux Guru
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi,
Thanks man.
Just to let you know that I have fixed it by
/usr/sbin/sshd -D
UsePam was the culprit. I had to disable it and sftp is working fine as expected.
I had tried by changing UsePam yes and no earlier. But not sure it didnt work.
Also now one more question,
I had set chroot for a user. So I have the users file in some other partition say
Exact user home is /home/user
Some files at /var/files/user and this is owned by user. I have setup a symlink to /var/files/user under /home/user. Any way to make this symlink work when we use chroot in sftp ?
Thanks!
Thanks man.
Just to let you know that I have fixed it by
/usr/sbin/sshd -D
UsePam was the culprit. I had to disable it and sftp is working fine as expected.
I had tried by changing UsePam yes and no earlier. But not sure it didnt work.
Also now one more question,
I had set chroot for a user. So I have the users file in some other partition say
Exact user home is /home/user
Some files at /var/files/user and this is owned by user. I have setup a symlink to /var/files/user under /home/user. Any way to make this symlink work when we use chroot in sftp ?
Thanks!
No way. Please remember that "chroot" is meant for jailing users in their homes.
Allowing symlinks to the outside of the jail would heaviliy contradict this intention.
Symlinks as set up by you are relative to the system root ( / ), but chroot establishes a new root, thus making the system root inaccessible - that's how it should work.
You could add a whole directory structure to the jail by means of "mount --bind":
mkdir /home/user/files
mount --bind /var/files/user /home/user/files
(just an example!)
Allowing symlinks to the outside of the jail would heaviliy contradict this intention.
Symlinks as set up by you are relative to the system root ( / ), but chroot establishes a new root, thus making the system root inaccessible - that's how it should work.
You could add a whole directory structure to the jail by means of "mount --bind":
mkdir /home/user/files
mount --bind /var/files/user /home/user/files
(just an example!)
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
thanks for the assist..
Thanks.
Yes I'm aware that chroot is relative to users home directory.
I will try sudo /usr/sbin/sshd -D and let you know.
Thank you.