We currently use SSH on our Linux (CentOS 7.2) server and we restrict SFTP users to their home directories using a chroot jail. Currently all the home folders for the SFTP users are under the /home mount point, and the users are able to log in properly to each one of their home folders (SFTPWRITE) and cannot see any other folders.
Below is our current config from /etc/ssh/sshd_config:
# override default of no subsystems
# Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftponly
We are using the following commands to create the users & group:
useradd temp01 -g sftponly -s /bin/false
After creating the user and linking him to the group, we use the commands below to make the jailed home dir:
chown root /home/temp01
chmod 755 /home/temp01
chown temp01 /home/temp01/SFTPWRITE
chmod 755 /home/temp01/SFTPWRITE
After that we run the following command: setsebool -P ssh_chroot_rw_homedirs on
Like I mentioned above, everything works perfectly fine.
The problem began when we had to create a new mount point /sftphome as opposed to /home due to disk space issues. We followed exactly the same procedure as above, just created a new username (temp02) and changed the /home folder to /sftphome:
useradd temp02 -g sftponly -s /bin/false
chown root /sftphome/temp02
chmod 755 /sftphome/temp02
chown temp02 /sftphome/temp02/SFTPWRITE
chmod 755 /sftphome/temp02/SFTPWRITE
Run the command: setsebool -P ssh_chroot_rw_homedirs on
However, when user temp02 attempts to access the SFTP server either via FileZilla or WinSCP, he keeps getting the following error:
Software caused connection abort, Authentication Failed (Please find attached screenshot). I'm able to log in successfully using root.
I have tried changing ChrootDirectory %h to ChrootDirectory /sftphome without any luck.
It would be great if someone has any clue why non-root users cannot get access when the only difference was that we created a new mount point for their home folders. Maybe I am missing something here.
Any help will be much appreciated, guys!
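
The ownership and mode steps in the question can be checked mechanically. The following is an added example, not part of the original post: a shell function that walks every component of the directory ChrootDirectory resolves to and reports any that is not owned by root or is writable by group or others, which is what sshd_config(5) requires of a chroot path. The function name and the optional OWNER_UID and TOP parameters are assumptions made for illustration, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post).
# sshd_config(5): all components of the ChrootDirectory pathname must be
# root-owned and not writable by any other user or group.
#
# check_chroot_path DIR [OWNER_UID] [TOP]
#   DIR        directory that ChrootDirectory resolves to
#   OWNER_UID  required owner uid, default 0 (hypothetical knob for testing)
#   TOP        component at which the upward walk stops, default /
# Prints one line per offending component; returns 0 if clean, 1 otherwise.
check_chroot_path() {
    ccp_dir=$1
    ccp_uid=${2:-0}
    ccp_top=${3:-/}
    ccp_rc=0
    [ -d "$ccp_dir" ] || { echo "missing: $ccp_dir"; return 1; }
    # Resolve symlinks so the real directories are the ones inspected.
    ccp_dir=$(cd "$ccp_dir" && pwd -P) || return 1
    while :; do
        ccp_owner=$(stat -c '%u' "$ccp_dir")   # numeric owner (GNU stat)
        ccp_mode=$(stat -c '%a' "$ccp_dir")    # octal mode, e.g. 755
        if [ "$ccp_owner" != "$ccp_uid" ]; then
            echo "bad owner (uid $ccp_owner): $ccp_dir"
            ccp_rc=1
        fi
        # 022 = write bits for group and others
        if [ $(( 0$ccp_mode & 022 )) -ne 0 ]; then
            echo "group/other writable (mode $ccp_mode): $ccp_dir"
            ccp_rc=1
        fi
        [ "$ccp_dir" = "$ccp_top" ] && break
        [ "$ccp_dir" = "/" ] && break
        ccp_dir=$(dirname "$ccp_dir")
    done
    return $ccp_rc
}

# Stand-alone use: sh check_chroot.sh /sftphome/temp02
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

With ChrootDirectory %h, the directory to pass is the home directory recorded for the account (the sixth field of `getent passwd temp02`), since %h expands to that value.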