CHrooted SFTP server

kbensch
Posts: 50
Joined: 2005/04/22 17:27:42
Location: Maidenhead, UK

CHrooted SFTP server

Post by kbensch » 2011/12/15 15:22:10

Hi All

I have tried to set this up on Centos 6.1 updated to the latest patches.

I have turned off selinux until I can get this sorted, but when I try to login I get the following in the log:

Dec 15 15:16:51 ftp sshd[1686]: Accepted password for sftptest from 10.10.10.4 port 2562 ssh2
Dec 15 15:16:51 ftp sshd[1686]: pam_unix(sshd:session): session opened for user sftptest by (uid=0)
Dec 15 15:16:51 ftp sshd[1690]: fatal: bad ownership or modes for chroot directory component "/home/SFTP/"
Dec 15 15:16:51 ftp sshd[1686]: pam_unix(sshd:session): session closed for user sftptest

I did the following to set it up:

Created a group called sftponly

sshd_config:
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

Match Group sftponly
ChrootDirectory /home/SFTP/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp

set the directory structure as follows:

drwx------. 5 root root 4096 Dec 15 13:59 .
drwx------. 22 root root 4096 Dec 15 14:11 ..
drwx------. 3 root root 4096 Dec 15 14:01 SFTP

SFTP:
total 12
drwx------. 3 root root 4096 Dec 15 14:01 .
drwx------. 5 root root 4096 Dec 15 13:59 ..
drwx------. 2 sftptest sftptest 4096 Dec 15 14:01 sftptest


Can anybody see what I am doing wrong please?

Thanks

Kobus

TrevorH
Site Admin
Posts: 33215
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CHrooted SFTP server

Post by TrevorH » 2011/12/15 18:37:24

[url=http://www.gossamer-threads.com/lists/openssh/dev/44657]This[/url] should help

scottro
Forum Moderator
Posts: 2556
Joined: 2007/09/03 21:18:09
Location: NYC

Re: CHrooted SFTP server

Post by scottro » 2011/12/15 18:46:10

Not sure if CentOS' patched ssh fully supports it.

At any rate, often, this can be fixed by changing the directory permissions to 755 rather than 700.

I think everything has to be owned by root, and if you want the ssh user to be able to write, you create another directory, also owned by root, with 777 or whatever.

kbensch
Posts: 50
Joined: 2005/04/22 17:27:42
Location: Maidenhead, UK

Re: CHrooted SFTP server

Post by kbensch » 2011/12/16 10:32:35

Hi scottro

It is supported. Please see my other post for some details.

kbensch
Posts: 50
Joined: 2005/04/22 17:27:42
Location: Maidenhead, UK

Re: CHrooted SFTP server

Post by kbensch » 2011/12/16 11:02:12

[quote]
TrevorH wrote:
[url=http://www.gossamer-threads.com/lists/openssh/dev/44657]This[/url] should help[/quote]

Hi TrevorH

Thanks for this, I got it sorted.

This was basically correct:

sshd_config:
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

Match Group sftponly
ChrootDirectory /home/SFTP/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp

except for this line --> From ChrootDirectory /home/SFTP/%u to ChrootDirectory /home/chroot/%u

I also had to change the passwd file for this user from /home/SFTP/sftptest to /home/sftptest

The biggest change I had to make, however, was the dir structure.

I had /home/SFTP/sftptest for the user dir. but changed it as follows:
/home/chroot/sftptest/home/sftptest

The permissions per level are as follows:
drwx------. 4 root root 4096 Dec 16 10:02 home
drwx------. 3 root root 4096 Dec 16 09:58 chroot
drwxr-x---. 3 root sftponly 4096 Dec 16 09:59 sftptest
drwxr-xr-x. 3 root root 4096 Dec 16 09:59 home
drwxrwx---. 3 sftptest sftptest 4096 Dec 16 10:29 sftptest

Once all of these changes have been made it is working as expected and one can now continue to customise the directories as required.

Hope this helps someone else.

Kobus

scottro
Forum Moderator
Posts: 2556
Joined: 2007/09/03 21:18:09
Location: NYC

Re: CHrooted SFTP server

Post by scottro » 2011/12/16 22:39:15

Good to know, thank you. The one time I've had to set it up was on a CentOS 5.x server and I wound up rebuilding the rpm. (Openssh puts a spec file in their tarball, so it's pretty easy.)

kbensch
Posts: 50
Joined: 2005/04/22 17:27:42
Location: Maidenhead, UK

Re: CHrooted SFTP server

Post by kbensch » 2011/12/19 09:28:02

CentOS 5 is done via a script I picked up on a website which I then changed to suit my needs. I still have it somewhere, and at a company I recently left it is still very much in use.
