I have a home PC and I created a reverse port forwarding to a server. Now I would like to give some people access to the home PC through this server. I would like to control the access of the user on this server, so I added the following lines to /etc/ssh/sshd_config:
Match User restricteduser
ChrootDirectory /home/restricteduser
AllowAgentForwarding no
PermitOpen localhost:3333
but when I'm trying to connect to the server
ssh restricteduser@serverIP
restricteduser@serverIP's password:
I'm getting the following error:
Write failed: Connection reset by peer
The logfiles for the ssh daemon should give you specific information on what's happening here. Check /var/log/auth.log.
However, I suspect that the ChrootDirectory is what is causing problems.
When remoteuser logs in, the ssh daemon tries to chroot to /home/restricteduser and start restricteduser's shell (probably /bin/bash). Because it's chrooted, the ssh daemon will be looking for /home/restricteduser/bin/bash.
Additionally, any libraries needed by the shell need to be present in the chroot (check with ldd /bin/bash), and the same applies to any files that the shell expects to be available when started. If the ssh daemon itself needs access to files, they will need to be present too.
If restricteduser is to run any programs once logged-in, they'll need to be in the chroot too, as well as their dependent libraries/files.
This can get quite complex. If you're simply looking to provide port-forwarding, check out the answer to How to create a restricted SSH user for port forwarding?
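One way to see which files the chroot is missing for the shell and its libraries, as an added example that is not part of the original answer. The function names and the sample ldd output are constructed for illustration; the paths in a real run come from ldd on the server.

```shell
#!/bin/sh
# Added example: report which files a chrooted login shell would be missing.

# Extract absolute library paths from `ldd` output read on stdin.
# Handles "libfoo.so => /path (0x...)" and "/lib64/ld-linux... (0x...)" lines;
# entries without a path (linux-vdso, "=> not found") are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Read absolute paths on stdin; print those that do not exist under chroot $1.
missing_in_chroot() {
    chroot_dir=$1
    while IFS= read -r path; do
        [ -e "$chroot_dir$path" ] || printf '%s\n' "$path"
    done
}

# Everything a binary needs that the chroot lacks: the binary itself + its libs.
check_chroot_binary() {
    chroot_dir=$1
    binary=$2
    { printf '%s\n' "$binary"; ldd "$binary" 2>/dev/null | ldd_paths; } |
        missing_in_chroot "$chroot_dir"
}

# Constructed sample of what `ldd /bin/bash` prints on a glibc x86_64 system.
sample_ldd_output() {
    cat <<'EOF'
    linux-vdso.so.1 (0x00007ffd3a5f2000)
    libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f1c2a400000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a200000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a600000)
EOF
}

# Run directly as: sh check_chroot.sh /home/restricteduser /bin/bash
if [ "$#" -eq 2 ]; then
    check_chroot_binary "$1" "$2"
fi
```

Each path printed is a file that has to be copied to the same relative location under the chroot before the shell can start there.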