
I have set up SFTP on our development box and would like to jail users into the /var/www/project folder.

I have added the following to /etc/ssh/sshd_config:

Match Group developers
    # sshd requires the jail and every parent directory to be root-owned and not group/world-writable
    ChrootDirectory /var/www/project
    X11Forwarding no
    AllowTCPForwarding no
    # this path is resolved inside the chroot, so the binary must exist there; internal-sftp needs no binary
    ForceCommand /usr/lib/openssh/sftp-server

When I attempt to SFTP in, I receive the error:

Couldnt read packet: connection reset by peer

I thought that this might be a permissions issue; I've chmod'd /usr/lib/openssh/sftp-server to 755 - still no luck.

Any suggestions?

Tim
  • You might try setting the server logging to a DEBUG setting. You do this in /etc/ssh/sshd_config; LogLevel DEBUG3 would give you the most info. If SFTPing via Linux you can also pass in -vvv to get more information. Reset by peer usually means the client has a problem with something. – Joshua Enfield Sep 06 '10 at 00:46
  • OK, so I got the error bad owner or mode for /var/www/project, so I chowned it to root/root and it works. However, I don't want the directory to be owned by root as this causes problems with user write permissions etc. Am I taking the wrong approach? – Tim Sep 06 '10 at 02:11

1 Answer

Sorry, I can't comment, so I have to answer directly.

The permissions with the built-in chroot system are a little bit tricky; I use the same method to create SFTP-only users:

Part of my sshd_config:

Match group developers
    ChrootDirectory /home/%u/userdata

where %u matches each username here.

Assuming the following path:

/home/developername/datadirectory/upload

Permissions:

developername root:root rwxr-xr-x
datadirectory root:root rwxr-xr-x
upload developername:developers rwx------

If a user logs in, the directory listing of / shows "upload".

c33s
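A pre-flight check for the "bad owner or mode" failure discussed in the comments and the answer, added here as an example (not code from the thread). It mirrors the rule sshd applies before chrooting: every component of the ChrootDirectory path must be root-owned and not group- or world-writable; the live-filesystem wrapper assumes GNU stat.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.
# sshd refuses the jail unless every path component from / down to the jail
# is owned by root and not writable by group or others; otherwise it logs
# "bad owner or mode for chroot directory" and drops the session, which the
# client reports as "connection reset by peer".

# check_listing LISTING
#   LISTING has one line per component, "<path> <uid> <octal mode>", / first.
#   Returns 0 if all are acceptable; else names the first offender on stderr.
check_listing() {
    oldifs=$IFS
    IFS='
'
    for line in $1; do
        IFS=$oldifs
        set -- $line
        comp=$1 uid=$2 mode=$3
        if [ "$uid" != 0 ]; then
            echo "bad owner: $comp is owned by uid $uid, must be root" >&2
            return 1
        fi
        # 022 masks the group-write and other-write bits; either one is fatal.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad mode: $comp is $mode, must not be group/world writable" >&2
            return 1
        fi
    done
    IFS=$oldifs
    return 0
}

# check_chroot_path PATH: gather the live listing with GNU stat and check it.
# Only the jail and its parents must be locked down; a per-user subdirectory
# below the jail (the "upload" directory in the answer) can be user-owned.
check_chroot_path() {
    listing=$(stat -c '%n %u %a' /)
    cur=""
    oldifs=$IFS
    IFS=/
    for comp in $1; do
        IFS=$oldifs
        [ -n "$comp" ] || continue
        cur="$cur/$comp"
        listing="$listing
$(stat -c '%n %u %a' "$cur")"
    done
    IFS=$oldifs
    check_listing "$listing"
}
```

Run `check_chroot_path /var/www/project` as root before restarting sshd; a non-zero exit names the component that would trigger the error.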