
I have been trying to configure my CentOS 6.5 minimal 64 bit machine to allow SFTP users to connect and get jailed to specific folders. I can sftp in using the unix command: "sftp user@localhost" and move around within the restricted directory, but I can't use LS or any other commands like that. However, the real issue is that I can't connect at all using FileZilla. I simply get this error:

Status: Retrieving directory listing...
Command:    pwd
Response:   Current directory is: "/"
Command:    ls
Status: Listing directory /
Error:  Unable to open .: permission denied
Error:  Connection timed out after 20 seconds of inactivity

I'd love to be able to use LS when using the SFTP command in Unix but most importantly I need it to work with FileZilla.

Here is a description of the current setup:

/etc/ssh/sshd_config

Subsystem    sftp    internal-sftp

Match Group sftp_users
    X11Forwarding no
    AllowTcpForwarding no
    ChrootDirectory /var/sftp/%u
    ForceCommand internal-sftp

grep user /etc/passwd

user:x:500:500::/var/sftp/user/incoming:/sbin/nologin

groups user

user : user sftp_users

ll / | grep var

drwxr-xr-x root root var

ll /var | grep sftp

drwxr-xr-x root root sftp

ll /var/sftp | grep user

drwxr-xr-x root root user

ll /var/sftp/user

drwxrwxr-x user sftp_users incoming
drwxrwxr-x user sftp_users outgoing

Everything I've read says that's how it's supposed to be set up, so please let me know what I'm missing. I just can't seem to get it to work properly.

Thanks for your time.

[Edit:]

I used this command to modify my user's home directory:

usermod -d /incoming user

that way he would land in /incoming rather than the full path of the directory as it was previously.

grep user /etc/passwd

user:x:500:500::/incoming:/sbin/nologin

ls -lrtd /var/sftp/user/incoming

drwxrwxr-x user sftp_users /var/sftp/user/incoming

sshd_config

#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem       sftp    internal-sftp -f AUTH -l INFO

Match Group sftp_users
        ChrootDirectory /var/sftp/%u
        ForceCommand internal-sftp

However, I still get the same errors from using the SFTP command in UNIX and FileZilla on Windows.

I added the debug level logging to the sshd config, but the messages aren't populating in the /var/log/messages file for anyone but the root user. So that route is not working currently. Also the /var/log/secure file doesn't show any errors with the SFTP authentication and session start.

SFTP output

[root@...]# sftp user@localhost
Connecting to localhost...
user@localhost's password:
sftp> ls
Couldn't get handle: Permission denied
sftp> cd ..
sftp> cd incoming
Couldn't canonicalise: Permission denied
sftp> quit
[root@...]#
  • Enable DEBUG log level in `sshd`, restart the service and inspect the login attempt logs. – dawud Mar 30 '15 at 09:34
  • possible duplicate of [SFTP user can't edit or create files](http://serverfault.com/questions/497011/sftp-user-cant-edit-or-create-files) – dawud Mar 30 '15 at 09:34
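As an added example that is not part of the question or its comments: a small shell script that re-implements the rule sshd applies to a ChrootDirectory (every path component from "/" down to the jail must be owned by root and must not be group- or world-writable) and checks that the passwd home directory resolves inside the jail. The optional expected-owner argument is an assumption added so the check can be exercised on a test tree; real sshd always requires uid 0.

```shell
#!/bin/sh
# Added check mirroring sshd's ChrootDirectory rule: each component of the
# path, "/" included, must be owned by the expected uid (root for sshd) and
# must not be group- or world-writable. The second argument is an assumption
# added here for testing on a non-root tree. Requires GNU stat (CentOS has it).
# Examine one directory: print "OK <path>" or "BAD <path> <reason>" and
# bump the global counter of bad components.
_check_component() {
    path=$1
    if [ ! -d "$path" ]; then
        echo "BAD $path missing"; bad=$((bad + 1)); return
    fi
    uid=$(stat -c '%u' "$path")
    perm=$(stat -c '%A' "$path")     # e.g. drwxrwxr-x
    reason=""
    [ "$uid" -eq "$want_uid" ] || reason="owner uid $uid, expected $want_uid"
    # group write is the 6th character of the mode string, world write the 9th
    case $perm in
        ?????w*|????????w*) reason="${reason:+$reason; }group/world-writable ($perm)" ;;
    esac
    if [ -n "$reason" ]; then
        echo "BAD $path $reason"; bad=$((bad + 1))
    else
        echo "OK  $path"
    fi
}
# Walk a ChrootDirectory path component by component.
# Usage: check_chroot_path /var/sftp/user [expected_uid]
# Returns the number of components that would make sshd reject the chroot.
check_chroot_path() {
    chroot_dir=$1; want_uid=${2:-0}
    bad=0; cur=""
    old_ifs=$IFS; IFS=/; set -f
    set -- $chroot_dir            # split into components (globbing disabled)
    IFS=$old_ifs; set +f
    _check_component /
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        _check_component "$cur"
    done
    return $bad
}
# A chrooted user's home is resolved inside the jail, so the passwd entry must
# be relative to the chroot (/incoming, not /var/sftp/user/incoming).
check_chroot_home() {
    [ -d "$1$2" ]
}
```

Run as root with `check_chroot_path /var/sftp/user` and `check_chroot_home /var/sftp/user /incoming`; a BAD line names the component sshd would reject, and the tree shown in the question passes both checks.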

0 Answers