I am trying to chroot a "test" user (group sftp) to /home/test. I've added the following lines at the end of my sshd_config:
Subsystem sftp internal-sftp
Match User test
ChrootDirectory /home/test
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
home and testdirectories have 755 permissions and are owned by root. I have also tried with ChrootDirectory /home.
root@Debian:/# namei -l /home/test
f: /home/test
drwxrwxrwx root root /
drwxr-xr-x root root home
drwxr-xr-x root root test
I am unable to connect to the server via SFTP or SSH (whether I include Subsystem sftp internal-sftp and ForceCommand internal-sftp or not). As soon as I log in I get the following message:
Write failed: Broken pipe
… and the following is appended to auth.log:
May 12 13:48:29 Reach sshd[25503]: Accepted password for test from 192.168.0.10 port 51058 ssh2
May 12 13:48:29 Reach sshd[25503]: pam_unix(sshd:session): session opened for user test by (uid=0)
May 12 13:48:29 Reach sshd[25505]: fatal: bad ownership or modes for chroot directory component "/"
May 12 13:48:29 Reach sshd[25503]: pam_unix(sshd:session): session closed for user test
Apparently the problem is it's trying to chroot to "/" when it should be "/home/test". What am I missing ? I've left the rest of sshd_config to default values, and there is no other ChrootDirectory directive…
Thank you.
Best Answer
Your permissions on
/are too open.I wonder how you ended up with that.
That should be
0755.So you'll need to change that.
The rest looks OK.