Ssh – SFTP, Chroot problems on Redhat


I'm having problems setting up sftp with a ChrootDirectory. I've done an equivalent setup on other distros, but for some reason I cannot get it to work on a Redhat AMI.

The changes to my sshd_config file are:

Subsystem       sftp    internal-sftp

Match Group ftponly
      PasswordAuthentication yes
      X11Forwarding no
      ChrootDirectory %h
      ForceCommand internal-sftp
      AllowTcpForwarding no

I have the concerned users' homes at /home/user, owned by root. After connecting with a user in the ftponly group, I'm dropped into / without permissions for anything, and am unable to do anything.

sftp bob@localhost
Connecting to localhost...
bob@localhost's password: 
sftp> pwd
Remote working directory: /

I can connect normally with users not in the ftponly group.

OpenSSH version 5.3

I've experimented with different permissions, as well as having users own their own home directory (gives a Write failed: Broken pipe error), and so far, nothing has seemed to work.

I'm sure it's a permissions error, or something equally as trivial, but at this point my eyes are beginning to glaze over, and any help would be greatly appreciated.


James and Madhatter, thanks for clarifying. I was confused by chroot dropping me in /… just didn't think through it properly. I've added the appropriate directories and permissions to get read access. One other key part was enabling write access to chrooted homes:

setsebool -P ssh_chroot_rw_homedirs on

in order to get write access. I think I'm all set now. Thanks for the help.

Best Answer

ChrootDirectory %h will chroot the user's home directory to /. I may be wrong, but the reason that you cannot do anything is because the necessary support files do not exist in the chroot jail. A quick search for configure ssh chroot brings me to this page where you make the necessary files available.
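
sshd_config(5) states that at session startup sshd checks that every component of the ChrootDirectory pathname is a root-owned directory that is not writable by any other user or group. The script below is an added example, not part of the original question or answer, that audits a path such as /home/bob against that rule; it assumes GNU stat, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat, as on Red Hat.

# component_ok UID MODE: succeed only if root-owned and not group/other writable.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    # 020 = group write bit, 002 = other write bit (MODE is octal from stat %a).
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# chroot_components PATH: print / and every prefix of PATH, one per line.
chroot_components() {
    path=${1%/}
    prefix=
    echo /
    old_ifs=$IFS
    IFS=/
    set -f                      # no globbing while splitting on /
    for part in $path; do
        [ -n "$part" ] || continue
        prefix="$prefix/$part"
        echo "$prefix"
    done
    set +f
    IFS=$old_ifs
}

# audit_chroot PATH: report each component; return 1 if any breaks the rule.
audit_chroot() {
    chroot_components "$1" | (
        rc=0
        while IFS= read -r dir; do
            if [ ! -d "$dir" ]; then
                echo "BAD  $dir (not a directory)"; rc=1; continue
            fi
            set -- $(stat -L -c '%u %a' "$dir")
            if component_ok "$1" "$2"; then
                echo "OK   $dir"
            else
                echo "BAD  $dir (uid=$1 mode=$2)"; rc=1
            fi
        done
        exit "$rc"
    )
}

# Run as: sh audit.sh /home/bob
if [ $# -gt 0 ]; then
    audit_chroot "$1"
fi
```

A home directory owned by the user rather than root is reported as BAD at the last component.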