I am attempting to set up a user with SFTP access and limited SSH access. Therefore, I've chrooted the user and then set it up basically exactly as specified in this tutorial. However, while I can ssh into the server successfully, when I attempt to connect via an SFTP connection, it simply says Connection Failed.
Research and attempted fixes
I have attempted searching for anything that can explain how to do this; however, I could only find this topic, which did not have any answers. In addition, there were no articles online that I could find that showed how this could be done.
I also tried copying the entire /bin and entire /lib folder into the chrooted directory in order to ensure that there weren't any missing commands that may be causing it to fail. Looking at /var/log/auth.log yielded no results, as the only log was that the connection was closed by the user, including when I set LogLevel Debug2 in /etc/ssh/sshd_config. Attempting to connect using an SCP connection in WinSCP allows me to see the files; however, I can't copy anything to my local drive or vice versa.
SSHD Config File (relevant section):
Match User test_user
ChrootDirectory /home/test_user
Best Answer
Eventually I found the jailkit tool, which is designed to automate the jailing of users rather than doing it manually, which I originally was attempting to do. To set up the chrooted directory, I used the following steps:
Installation (on Ubuntu)
Installation from source can be found here
Directory Setup
A list of various packages to allow access to can be found at /etc/jailkit/jk_init.ini. I also installed git this way after I had set it up.
General format below
Jailing the user
Changing shell
Finally, the shell specified in <chroot_directory>/etc/passwd should be changed from /usr/sbin/jk_lsh to /bin/bash. Note there should only be the entries for test_user, root and possibly one other login.
From there, you can log in via ssh or sftp/scp and access everything as expected. Note that to log in via public key, you will need to set up the ~/.ssh/authorized_keys file.
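A check for the "Changing shell" step above, added here as an example and not part of the original answer: it reads <chroot_directory>/etc/passwd and reports whether the user's shell is still jk_lsh, whether the shell exists inside the jail, and how many other logins are listed. The helper name check_jail_shell and the script name in the last comment are assumptions.

```sh
#!/bin/sh
# Added example (not from the original answer): audit <jail>/etc/passwd
# after the "Changing shell" step. check_jail_shell is a hypothetical helper.
# Usage: check_jail_shell JAIL_DIR USER ; returns 0 if the entry is usable.
check_jail_shell() {
    jail=$1
    user=$2
    passwd="$jail/etc/passwd"
    if [ ! -r "$passwd" ]; then
        echo "FAIL: $passwd is not readable"
        return 1
    fi

    # Field 7 of a passwd entry is the login shell.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' "$passwd")
    if [ -z "$shell" ]; then
        echo "FAIL: no entry (or empty shell) for $user in $passwd"
        return 1
    fi

    rc=0
    case $shell in
        */jk_lsh)
            echo "FAIL: $user still has $shell; the answer changes it to /bin/bash"
            rc=1 ;;
    esac

    # After the chroot the shell path is resolved relative to the jail root.
    if [ ! -x "$jail$shell" ]; then
        echo "FAIL: $shell is missing or not executable inside $jail"
        rc=1
    fi

    # The answer expects only test_user, root and possibly one other login.
    extra=$(awk -F: -v u="$user" '$1 != u && $1 != "root" { n++ } END { print n + 0 }' "$passwd")
    if [ "$extra" -gt 1 ]; then
        echo "WARN: $extra entries besides $user and root in $passwd"
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $user logs in with $shell"
    fi
    return "$rc"
}

# Run the check when called as: sh check_jail.sh /path/to/jail test_user
if [ "$#" -eq 2 ]; then
    check_jail_shell "$1" "$2"
fi
```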