Solved

Chroot SFTP not workng in Ubuntu

Posted on 2013-05-20
6
889 Views
Last Modified: 2013-05-20
Guys,

I'm facing a weird problem while trying to setup Chroot SFTP on ubuntu server. SSH is getting crashed whenever I am trying to setup Chroot SFTP. Logs are not showing any error. The only error in logs was related to LOCALE environment and I had fixed now. This error does not seem to be related to chroot. In short I'm clueless. I had tried the following steps.

1. Created new user for SFTP
2. Commented the existing "Subsystem sftp" and added the following.

Subsystem sftp internal-sftp

3. Added the following lines for user.

Match User sftpuser
    ChrootDirectory /home
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

4, Set permissions for sftp directory to root.user
5. Restarted ssh and its down.

I had tried commenting the "UserPam" in ssh config as well. This is the same for ubuntu 11 and ubuntu 12. Can anyone share some ideas?

Regards,
Asv.
0
Comment
Question by:LinuxGuru
  • 3
  • 2
6 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 400 total points
ID: 39180405
Run sshd this way, to find out which part of sshd_config it doesn't like:

sudo /usr/sbin/sshd -D

sshd will stay in the foreground, so you can watch its messages.

Are you aware that "ChrootDirectory" is always relative to the user's HOME?

So if the HOME directory is /home/users the chroot directory is "/home/users/home", and
thus all components of /home/users/home must be root owned directories that are not writable by any other user or group.
0
 
LVL 13

Author Comment

by:LinuxGuru
ID: 39180499
Hi,

Thanks.

Yes I'm aware that chroot is relative to users home directory.

I will try sudo /usr/sbin/sshd -D and let you know.

Thank you.
0
 
LVL 13

Author Comment

by:LinuxGuru
ID: 39180611
Hi,

Thanks man.

Just to let you know that I have fixed it by

/usr/sbin/sshd -D

UsePam was the culprit. I had to disable it and sftp is working fine as expected.

I had tried by changing UsePam yes and no earlier. But not sure it didnt work.

Also now one more question,

I had set chroot for a user. So I have the users file in some other partition say

Exact user home is /home/user

Some files at /var/files/user and this is owned by user. I have setup a symlink to /var/files/user under /home/user. Any way to make this symlink work when we use chroot in sftp ?

Thanks!
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39180683
No way. Please remember that "chroot" is meant for jailing users in their homes.

Allowing symlinks to the outside of the jail would heaviliy contradict this intention.

Symlinks as set up by you are relative to the system root ( / ), but chroot establishes a new root, thus making the system root inaccessible - that's how it should work.

You could add a whole directory structure to the jail by means of "mount --bind":

mkdir /home/user/files
mount --bind /var/files/user /home/user/files

(just an example!)
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 100 total points
ID: 39180699
Chroot directory for SFTP needs to be read-only for anyone not root.
After it cd-s to full homedir path in that chroot

say you might need
cd /home
ln -s / home

to make normal users work
0
 
LVL 13

Author Closing Comment

by:LinuxGuru
ID: 39181366
thanks for the assist..
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Need BIOS update Linux for MSI X99A motherboard. 4 53
awk file 6 78
Ubuntu Apache Webserver - File Permissions 5 59
How to mount nfs share on this CentOS server? 6 42
Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question