OpenSSH for Windows ignoring Match User directives


I am using OpenSSH for Windows 7.7p1 on Windows 1903. I used Match User xxxx in sshd_config file, in Program Data -> SSH to change xxxx's root directory to another path in the filesystem, apart from a few other directives.

This method used to work fine with an earlier version, I could connect using this user and come to the changed root directory.

With the new stable version, this Match User directive seemingly isn't respected.

Looking at the sshd logs, I see this...

26948 2019-09-30 15:10:29.745 debug1: userauth-request for user TestLocalAccount service ssh-connection method none [preauth]
26948 2019-09-30 15:10:29.745 debug1: attempt 0 failures 0 [preauth]
26948 2019-09-30 15:10:29.745 debug3: mm_getpwnamallow entering [preauth]
26948 2019-09-30 15:10:29.745 debug3: mm_request_send entering: type 8 [preauth]
26948 2019-09-30 15:10:29.745 debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
26948 2019-09-30 15:10:29.745 debug3: mm_request_receive_expect entering: type 9 [preauth]
26948 2019-09-30 15:10:29.745 debug3: mm_request_receive entering [preauth]
26948 2019-09-30 15:10:29.745 debug3: mm_request_receive entering
26948 2019-09-30 15:10:29.745 debug3: monitor_read: checking request 8
26948 2019-09-30 15:10:29.745 debug3: mm_answer_pwnamallow
26948 2019-09-30 15:10:29.745 debug2: parse_server_config: config reprocess config len 297
26948 2019-09-30 15:10:29.745 debug3: checking match for 'User TestLocalAccount' user testlocalaccount host 127.0.0.1 addr 127.0.0.1 laddr 127.0.0.1 lport 22
26948 2019-09-30 15:10:29.745 debug3: match not found
26948 2019-09-30 15:10:29.745 debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
26948 2019-09-30 15:10:29.745 debug3: mm_request_send entering: type 9

These logs -

26948 2019-09-30 15:10:29.745 debug2: parse_server_config: config reprocess config len 297
26948 2019-09-30 15:10:29.745 debug3: checking match for 'User TestLocalAccount' user testlocalaccount host 127.0.0.1 addr 127.0.0.1 laddr 127.0.0.1 lport 22
26948 2019-09-30 15:10:29.745 debug3: match not found

do not appear when there is no Match User directive in sshd_config. At least that and the fact that it considers a config file change seems to indicate this is the correct file (Prog Files -> OpenSSH has another sshd_config_default).

The relevant section in the sshd_config looks like -

# override default of no subsystems
Subsystem   sftp    sftp-server.exe

Match User TestLocalAccount
    ChrootDirectory C:\Users\TestLocalAccount\Downloads
    PubKeyAuthentication yes

None of the directives within the Match user section are respected. Opening a session with TestLocalAccount just opens up the home user profile of the same. I am trying this with SecureFX SFTP client.

user1173240

Posted 2019-09-30T10:38:09.340

Reputation: 261

Have you filed/reviewed bug reports on Microsoft's Win32-OpenSSH's GitHub?

– JW0914 – 2019-09-30T13:10:52.193

I had a glance and searched that page, checked release notes for the latest version, for this, but didn't find anything close to the issue I've been having. I rather think if this were broken, it'd be a fairly big thing. – user1173240 – 2019-10-01T03:37:16.907

I would file a bug report then, which should garner some input from others who can troubleshoot. The developers working on Win32-OpenSSH generally reply when issues are filed, and other GitHub users frequently check the issues page to offer help to others. Win32-OpenSSH isn't as widespread as OpenSSH is, so it's entirely possible either others aren't utilizing it with Match User or others haven't upgraded to 7.7x and therefore aren't aware the update has broken something. – JW0914 – 2019-10-01T11:06:39.183

After some checking, turns out the Match User value, i.e., username, should be in lower caps. Perhaps this is widely known (or borrowed from Linux environment), but strange one for me. Anyway, once username is in lower caps, seems to work for me. – user1173240 – 2019-10-23T04:37:33.690
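
The case mismatch reported in the last comment is visible in the question's own debug3 output and can be checked for mechanically. The following is an added example, not part of the original thread or of Win32-OpenSSH: it flags `match not found` results where the Match User pattern and the logged user name differ only by case, and lists mixed-case Match User patterns in a config. The function names are hypothetical, and the sample input is the log lines and Match block quoted in the question.

```python
import re

# debug3 line sshd writes while evaluating a Match block (format as in the question's log)
CHECK_RE = re.compile(r"checking match for '([^']*)' user (\S+) host ")

def user_patterns(criteria):
    """Return the comma-separated patterns that follow a User keyword."""
    tokens = criteria.split()
    pats = []
    for key, value in zip(tokens[0::2], tokens[1::2]):
        if key.lower() == "user":
            pats.extend(value.split(","))
    return pats

def case_only_misses(log_lines):
    """(pattern, login name) pairs where 'match not found' is explained by case alone."""
    findings, pending = [], None
    for line in log_lines:
        m = CHECK_RE.search(line)
        if m:
            pending = (user_patterns(m.group(1)), m.group(2))
            continue
        if pending and "match not found" in line:
            pats, user = pending
            findings += [(p, user) for p in pats
                         if p != user and p.lower() == user.lower()]
        pending = None  # only the line right after a check is its result
    return findings

def mixed_case_match_users(config_text):
    """(line number, pattern) for Match User patterns containing upper-case letters."""
    hits = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        if tokens and tokens[0].lower() == "match":
            hits += [(n, p) for p in user_patterns(" ".join(tokens[1:]))
                     if p != p.lower()]
    return hits

# Sample input: log lines and the Match block as quoted in the question.
SAMPLE_LOG = [
    "26948 2019-09-30 15:10:29.745 debug3: checking match for 'User TestLocalAccount' user testlocalaccount host 127.0.0.1 addr 127.0.0.1 laddr 127.0.0.1 lport 22",
    "26948 2019-09-30 15:10:29.745 debug3: match not found",
]
SAMPLE_CONFIG = """Match User TestLocalAccount
    ChrootDirectory C:\\Users\\TestLocalAccount\\Downloads
    PubKeyAuthentication yes
"""
```

On the question's input, `case_only_misses(SAMPLE_LOG)` reports the `TestLocalAccount` / `testlocalaccount` pair and `mixed_case_match_users(SAMPLE_CONFIG)` points at line 1 of the Match block.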

No answers