0

When connecting to an SFTP server I have no problems chrooting into the /home directory and accessing the directory I want (FileFolder). But when I attempt to configure it so it chroots straight into the directory, it rejects the connection.

When I change the following line ChrootDirectory /home to ChrootDirectory /home/FileFolder my connection is rejected when connecting as a guest user. Permissions for the guest user are rx since I want the user to only be able to download files.

I did try adding logging to my config to maybe have a grasp on what is happening:

SyslogFacility AUTH
LogLevel INFO

But the file /var/log/auth.log does not exist (I might be mistaken and it logs to a different file). I also tried using journalctl _COMM=sshd but it does not give me detailed information, only users that are connecting and their IPs.

My sshd_config:

Port 22

PubkeyAuthentication yes

AuthorizedKeysFile  .ssh/authorized_keys

PasswordAuthentication no

ChallengeResponseAuthentication no

UsePAM yes

Subsystem   sftp    /usr/lib/ssh/sftp-server

Match Address 192.168.8.*
    PasswordAuthentication yes

Match User guest
    ForceCommand internal-sftp
    ChrootDirectory /home

I have tried the solution from here but it does not work.

P.S. I am connecting from a 192.168.8.* IP address so it is not a pubkey authentication error.

Solution: I had to change the owner of FileFolder to root. Initially it was just a user with root privileges.

JaCkSoN

1 Answer

0

I suspect a permissions issue. The reason chroot to /home is working is that it's owned by root. Chroot to /home/FileFolder is not working because it's not owned by root and should be writable only by root. All the elements in the chroot path should have the same privilege. Check "/var/log/secure" for log info. It will list the reason chroot is failing.

Reda Salih
  • The owner of this folder was indeed not root. I changed the owner to root and it worked perfectly. Thank you. – JaCkSoN Dec 08 '19 at 15:56
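
The rule behind the fix above, as an added example that is not part of the original question or answer: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by any other user or group. The function name, the injectable stat_fn parameter and the sample directory tables are constructed for illustration; on a real host, run the script with the intended chroot path as its argument.

```python
import os
import stat
import sys
from types import SimpleNamespace


def chroot_path_problems(path, stat_fn=os.stat):
    """Return (component, reason) pairs for every component of an absolute
    ChrootDirectory path that is not a root-owned directory closed to
    group and other writes. An empty list means the path is acceptable."""
    if not path.startswith("/"):
        raise ValueError("expected an absolute path")
    problems = []
    component = "/"
    # Walk "/", then each deeper component, e.g. /home, /home/FileFolder.
    for part in [""] + [p for p in path.split("/") if p]:
        component = os.path.join(component, part)
        try:
            st = stat_fn(component)
        except OSError as exc:
            problems.append((component, "cannot stat: %s" % exc))
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
        if st.st_uid != 0:
            problems.append((component, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((component, "writable by group or others"))
    return problems


def fake_tree(entries):
    """Build a stat function over a constructed {path: (uid, mode)} table."""
    def stat_fn(p):
        if p not in entries:
            raise FileNotFoundError(p)
        uid, mode = entries[p]
        return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)
    return stat_fn


# Constructed samples modelled on the question: FileFolder owned by a
# non-root account (uid 1000 is an assumption), then after chown to root.
BEFORE = fake_tree({"/": (0, 0o755), "/home": (0, 0o755), "/home/FileFolder": (1000, 0o755)})
AFTER = fake_tree({"/": (0, 0o755), "/home": (0, 0o755), "/home/FileFolder": (0, 0o755)})

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/home"
    for comp, why in chroot_path_problems(target):
        print("%s: %s" % (comp, why))
```

With root ownership and mode 755 on FileFolder, the guest user keeps read and execute access through the "other" permission bits, which matches the download-only intent in the question.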