Ping a Specific Port

Question

dukevin

Asked: 2012-10-09 11:45:43 +0800 CST2012-10-09 11:45:43 +0800 CST 2012-10-09 11:45:43 +0800 CST

Setting up a chroot sftp on debian server

772

I'm trying to allow a user "user" to access my server by either sftp or ssh. I want to jail them into a directory with chroot. I read the instructions here however it does not work. I did the following:

useradd user
modify /etc/ssh/sshd_config and added

Match User user

ForceCommand internal-sftp

ChrootDirectory /home/duke/aa/smart to the bottom of the file
changed the subsystem line to Subsystem sftp internal-sftp
restarted sshd with /etc/init.d/ssh restart
logged in with ssh as user "user" with PuTTY

Putty says "Server unexpectly closed the connection".

Why is this and how can it be fixed?

EDIT

Following the suggestions below, I've made the bottom of sshd_config look like:

Match User user
   ChrootDirectory /tmp

yet no change. I do get a password OK but I cannot connect via ssh nor sftp. What gives?

3 Answers

Voted

Denham · Answer 1 · 2015-07-08T06:59:18+08:00

Denham

2015-07-08T06:59:18+08:002015-07-08T06:59:18+08:00

The directory that you set as your chroot must be owned by root and have 755 permissions.

This is what I use for my setup

Match user sftpuser
 ChrootDirectory /home/sftpuser
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

in /home

drwxr-xr-x   5 root    users 4096 Jan 29 10:31 sftpuser

in /home/sftpuser

drwx------ 2 sftpuser users 4096 Jan 29 10:52 sftpuser

This chroot's them to the /home/sftpuser directory, but since they have no permission to write into it I create the second sftpuser directory for them to write to.

1

pradeepchhetri · Answer 2 · 2012-10-09T11:59:46+08:00

pradeepchhetri

2012-10-09T11:59:46+08:002012-10-09T11:59:46+08:00

I think the problem is in ChrootDirectory /home/duke/aa/smart. The problem is related to permissions. The user through which you are trying to log into the box doesnot have the executable permission I think. Can you once try changing this to some directory like /tmp where every user has full permission.

0

sherbang · Answer 3 · 2013-12-03T15:12:54+08:00

sherbang

2013-12-03T15:12:54+08:002013-12-03T15:12:54+08:00

Check your /var/log/auth.log for ssh errors.

It's probably a permissions error. The chroot directory must be owned by root.

FYI, my working config looks like this (I prefer using group access instead of user access):

Subsystem       sftp    internal-sftp

AllowGroups sshusers sftponly

Match group sftponly
  ChrootDirectory %h
  X11Forwarding no
  AllowTcpForwarding no
  ForceCommand internal-sftp

0

Setting up a chroot sftp on debian server

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?