
I'm trying to have some users able to sftp but not ssh. I've looked at "OpenSSH: Difference between internal-sftp and sftp-server" and "Trying to ChrootDirectory an SFTP user to their home directory".

Inside of sshd_config I have the lines

 Subsystem sftp internal-sftp
 AllowUsers <a bunch of users>

 Match group sftponly
      ChrootDirectory /home/%u
      X11Forwarding no
      AllowTcpForwarding no
      ForceCommand internal-sftp

Filezilla gives me

 Error: Network error: Software caused connection abort
 Error: Could not connect to server

When I comment out the ChrootDirectory /home/%u I am able to connect fine.

How can I chroot?

  • Ah OK, thanks! I didn't know to look in the `var/log/auth.log`; it says that my user's folder was owned by someone else. A thing I've found: only the user's folder needed JUST the owner permission to be root. Marking as dupe. – ProjectPaatt Jun 11 '17 at 18:38

1 Answer


I'm going to go out on a limb here and guess it's file permissions. If you use ChrootDirectory everything in the path following needs to be owned by root and not group writable (see man sshd_config).

And just to make sure, you did add your users to group sftponly and all that stuff...

quadruplebucky
  • I got it to work as per my comment above. However, it seems that not all of the files inside the users' folder need to be that way, just /home/. – ProjectPaatt Jun 11 '17 at 18:39
  • Right, just the path specified in the ChrootDirectory. What's actually *in* that dir is fair game. – quadruplebucky Jun 11 '17 at 18:55
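
As an added example (not part of the original thread): a shell check for the rule the answer cites from man sshd_config. It walks the ChrootDirectory target and each parent up to / and flags any component that is not owned by root or is writable by group or other. The function names are illustrative, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path before enabling it in sshd_config.
# Function names are illustrative; assumes stat supports -c (GNU/BusyBox).

# component_ok UID MODE [WANT_UID]
# Succeeds when the owner is WANT_UID (default 0 = root) and the octal
# MODE has neither the group-write nor the other-write bit set.
component_ok() {
    [ "$1" = "${3:-0}" ] || return 1      # wrong owner
    [ $(( 0$2 & 022 )) -eq 0 ]            # 020 = group write, 002 = other write
}

# check_dir DIR [WANT_UID]
# Applies component_ok to one real directory.
check_dir() {
    [ -d "$1" ] || return 1
    # %u = numeric owner, %a = octal mode (e.g. 755 or 1777)
    set -- "$1" "${2:-0}" $(stat -c '%u %a' "$1")
    component_ok "$3" "$4" "$2"
}

# check_chroot_path DIR
# Resolves symlinks, then reports every component from DIR up to /.
# Returns non-zero if any component fails the check.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 1; }
    rc=0
    while :; do
        if check_dir "$dir"; then
            echo "ok   $dir"
        else
            echo "FAIL $dir ($(stat -c '%U:%G %a' "$dir"))"
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run against a path given on the command line, if any.
if [ $# -gt 0 ]; then check_chroot_path "$1"; fi
```

A FAIL line on the user's own directory matches the case in this thread: / and /home normally pass already, so the home directory is the only component that needs its owner changed to root.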