At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!
COURSE of the MONTH
9 days, 3 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Chroot SFTP not workng in Ubuntu
Posted on 2013-05-20
Guys,
I'm facing a weird problem while trying to setup Chroot SFTP on ubuntu server. SSH is getting crashed whenever I am trying to setup Chroot SFTP. Logs are not showing any error. The only error in logs was related to LOCALE environment and I had fixed now. This error does not seem to be related to chroot. In short I'm clueless. I had tried the following steps.
1. Created new user for SFTP
2. Commented the existing "Subsystem sftp" and added the following.
Subsystem sftp internal-sftp
3. Added the following lines for user.
Match User sftpuser
ChrootDirectory /home
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
4, Set permissions for sftp directory to root.user
5. Restarted ssh and its down.
I had tried commenting the "UserPam" in ssh config as well. This is the same for ubuntu 11 and ubuntu 12. Can anyone share some ideas?
Regards,
Asv.
I'm facing a weird problem while trying to setup Chroot SFTP on ubuntu server. SSH is getting crashed whenever I am trying to setup Chroot SFTP. Logs are not showing any error. The only error in logs was related to LOCALE environment and I had fixed now. This error does not seem to be related to chroot. In short I'm clueless. I had tried the following steps.
1. Created new user for SFTP
2. Commented the existing "Subsystem sftp" and added the following.
Subsystem sftp internal-sftp
3. Added the following lines for user.
Match User sftpuser
ChrootDirectory /home
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
4, Set permissions for sftp directory to root.user
5. Restarted ssh and its down.
I had tried commenting the "UserPam" in ssh config as well. This is the same for ubuntu 11 and ubuntu 12. Can anyone share some ideas?
Regards,
Asv.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
2
6 Comments
Active today
Run sshd this way, to find out which part of sshd_config it doesn't like:
sudo /usr/sbin/sshd -D
sshd will stay in the foreground, so you can watch its messages.
Are you aware that "ChrootDirectory" is always relative to the user's HOME?
So if the HOME directory is /home/users the chroot directory is "/home/users/home", and
thus all components of /home/users/home must be root owned directories that are not writable by any other user or group.
sudo /usr/sbin/sshd -D
sshd will stay in the foreground, so you can watch its messages.
Are you aware that "ChrootDirectory" is always relative to the user's HOME?
So if the HOME directory is /home/users the chroot directory is "/home/users/home", and
thus all components of /home/users/home must be root owned directories that are not writable by any other user or group.
Hi,
Thanks.
Yes I'm aware that chroot is relative to users home directory.
I will try sudo /usr/sbin/sshd -D and let you know.
Thank you.
Thanks.
Yes I'm aware that chroot is relative to users home directory.
I will try sudo /usr/sbin/sshd -D and let you know.
Thank you.
Hi,
Thanks man.
Just to let you know that I have fixed it by
/usr/sbin/sshd -D
UsePam was the culprit. I had to disable it and sftp is working fine as expected.
I had tried by changing UsePam yes and no earlier. But not sure it didnt work.
Also now one more question,
I had set chroot for a user. So I have the users file in some other partition say
Exact user home is /home/user
Some files at /var/files/user and this is owned by user. I have setup a symlink to /var/files/user under /home/user. Any way to make this symlink work when we use chroot in sftp ?
Thanks!
Thanks man.
Just to let you know that I have fixed it by
/usr/sbin/sshd -D
UsePam was the culprit. I had to disable it and sftp is working fine as expected.
I had tried by changing UsePam yes and no earlier. But not sure it didnt work.
Also now one more question,
I had set chroot for a user. So I have the users file in some other partition say
Exact user home is /home/user
Some files at /var/files/user and this is owned by user. I have setup a symlink to /var/files/user under /home/user. Any way to make this symlink work when we use chroot in sftp ?
Thanks!
Active today
No way. Please remember that "chroot" is meant for jailing users in their homes.
Allowing symlinks to the outside of the jail would heaviliy contradict this intention.
Symlinks as set up by you are relative to the system root ( / ), but chroot establishes a new root, thus making the system root inaccessible - that's how it should work.
You could add a whole directory structure to the jail by means of "mount --bind":
mkdir /home/user/files
mount --bind /var/files/user /home/user/files
(just an example!)
Allowing symlinks to the outside of the jail would heaviliy contradict this intention.
Symlinks as set up by you are relative to the system root ( / ), but chroot establishes a new root, thus making the system root inaccessible - that's how it should work.
You could add a whole directory structure to the jail by means of "mount --bind":
mkdir /home/user/files
mount --bind /var/files/user /home/user/files
(just an example!)
Chroot directory for SFTP needs to be read-only for anyone not root.
After it cd-s to full homedir path in that chroot
say you might need
cd /home
ln -s / home
to make normal users work
After it cd-s to full homedir path in that chroot
say you might need
cd /home
ln -s / home
to make normal users work
Featured Post
Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years. You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to get help with Linux/Unix bash shell commands.
Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely.
Download Secure Shell:
Follow basic installation instructions:
Open Secure Shell and use "Quick Connect" to enter credentials includi…
Suggested Courses
Course of the Month9 days, 3 hours left to enroll
764 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.