So I followed the "Chroot and Debian" tutorial in http://sublimation.org/scponly/wiki/index.php/FAQ
Then when I log into user "upload" via ssh I have no access to the command line (this is what I wanted).
But then when I SFTP into the upload user I can still see all the root files (/), it didn't chroot me to just /home/upload whats going on?
….
I added this to the end of my /etc/ssh/sshd_config file, then done a restart
Subsystem sftp internal-sftp
UsePAM yes
Match User upload
ChrootDirectory /home/upload
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
Then when I log into sftp I can only see my upload folder (this is what I want), but now scp doesn't work 😛
SCP will accept my password then:
debug1: Next authentication method: password
upload@10.10.10.2's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_NZ.UTF-8
debug1: Sending command: scp -v -t /test
It will hang on that last debug message.
Any help would be greatly appreciated.
Note, running Debian Lenny
Best Answer
You are not using
scponly
here. You have restricted the userupload
to using SFTP, so you can't usescp
on that account sincescp
relies on an interactive shell or at least a shell which supports certain commands (likescponly
orrssh
).Use
sftp
or another SFTP client (e. g.lftp
) to access that account or remove theForceCommand
andChrootDirectory
directives from your sshd_config.