I've got an Amazon Linux AMI machine running version 2016.09. I've recently created a user and I'm able to connect using its credentials (private key).
This user is intended to be used by a third party and I want to restrict its access to its home directory (or subdirectory), so that it can't access any other folder (nor list any other folder/file).
I assume I do need to configure some sort of chroot directory using my sshd_config file, located in /etc/ssh/sshd_config. I've been able to modify its content so that it looks like the following piece of text:
    #override default of no subsystems
    #Subsystem sftp /usr/libexec/openssh/sftp-server
    Subsystem sftp internal-sftp
    Match User myuser
        PasswordAuthentication yes
        ChrootDirectory /home/myuser/ftp_folder
        AllowTCPForwarding no
        X11Forwarding no
        ForceCommand internal-sftp
Just after saving the changes, I restart the ssh service by typing sudo service sshd restart.
Unfortunately, I can't log in with those changes (either via ssh or using ftp):
$ ssh -i 'G:\AWS\ec2_keys\myuser.pem' myuser@ec2-XXXXXX-XX.compute-1.amazonaws.com -vvv
Authenticated to ec2-XXXXXX-XX.compute-1.amazonaws.com ([YYY.YYY.YYY.YYY]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: network
debug3: send packet: type 1
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t3 r-1 i0/0 o0/0 fd 4/5 cc -1)
Connection to ec2-XXXXXX-XX.compute-1.amazonaws.com closed by remote host.
Connection to ec2-XXXXXX-XX.compute-1.amazonaws.com closed.
Transferred: sent 2328, received 1996 bytes, in 0.0 seconds
Bytes per second: sent 60664.3, received 52012.8
debug1: Exit status -1
What am I missing in the configuration? Thanks!!