
So yesterday I wanted to develop directly in my /var/www folder and took a few steps according to some sites. I first added my user to the www-data group and changed ownership of /var/www. Right now everything is set like 755 <username>:www-data. Additionally I made some changes to ssh_config and added Subsystem sftp internal-sftp and

```
Match group sftp
X11Forwarding no
ChrootDirectory %h
AllowTcpForwarding no
ForceCommand internal-sftp
```

I restarted the service and it was all working nicely. Today (the PC was asleep) all my connections get refused.

I'm running Ubuntu 12.04 LTS on VBox. Host OS is Win 8 Pro.

Can anyone help me solve this issue so I can ssh to my VM?

Thanks

LouieV

1 Answer


Did you try logging in again after restarting sshd with the new configuration, to verify that the configuration really works?

It looks like ChrootDirectory requires that the chrooted-to directory be owned by root. sshd is probably checking that and refusing to allow the login, else it would cause a security problem.

This article is from Debian, but it should be relevant regardless: http://www.debian-administration.org/articles/590

antiduh
  • I didn't try to log in back but I was able to save files from my editor via SFTP – LouieV Jul 04 '13 at 00:45
  • If the editor had an established sftp session, the changed configuration wouldn't have applied - this is by design: you open a bunch of login sessions, change the configuration, and try to log in again on a new terminal; if you messed up, you still have the established logins there to fix it. – antiduh Jul 04 '13 at 00:46
  • I did a recursive chmod root:www-data and nothing :( – LouieV Jul 04 '13 at 01:12
  • Even if the connection is not persistent? – LouieV Jul 04 '13 at 01:13
  • http://linux.die.net/man/5/sshd_config - "This path, and all its components, must be root-owned directories that are not writable by any other user or group.". Looks like you can't have it owned by www-data, or at least be writable by it. – antiduh Jul 04 '13 at 01:16
  • That kinda sucks since it's a WordPress folder and it needs www-data to be able to write for updates :? – LouieV Jul 04 '13 at 01:25
  • Well, if you're serving /home/louiev/wordpress, and you chroot to %h, then only /home/louiev needs to be root-owned; /home/louiev/wordpress can remain owned by www-data still. – antiduh Jul 04 '13 at 01:37
  • Makes sense, but I am a bit confused now, so I ask: is %h == /var/www or ~/? – LouieV Jul 04 '13 at 01:48
  • %h is the home directory of the user logging in. – antiduh Jul 04 '13 at 01:51
  • Meh, still nothing, not even PuTTY. I think I'll just make a symlink – LouieV Jul 04 '13 at 02:03
  • PuTTY won't let you in because there are no login binaries in the chroot – antiduh Jul 04 '13 at 02:19
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/32854/discussion-between-louiev-and-antiduh) – LouieV Jul 04 '13 at 04:19