UPWORK/ODESK guru: Tips and Tricks for clients

skype: upwork.link , email: info@upwork.link

How to set up SFTP with ChrootDirectory on Linux.

without comments

If you want the default directory that users start in to be writable then you must create their home directory under the chroot. Else you can get errors type of:

Nov ** 12:35:00 sftp-server sshd[10267]: Accepted password for user
from localhost port 39150 ssh2
Nov ** 12:35:00 sftp-server sshd[10269]: fatal: bad ownership or modes
for chroot directory "/home/user01" 

After sshd has chrooted to the ChrootDirectory, it will chdir to the home directory as normal. So, for a passwd line like:

user@localhost:~$ cat /etc/passwd | egrep user0 
user01:x:1001:1001:,,,:/home/user01:/bin/bash
user02:x:1002:1002:,,,:/home/user02:/bin/bash
user@localhost:~$

insert in /etc/ssh/sshd_config:

Match User user01
    ChrootDirectory /incoming
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp
Match User user02
    ChrootDirectory /incoming
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Create directories:

root@localhost :/$ mkdir -p /incoming/home/user01
root@localhost :/$ mkdir -p /incoming/home/user02
root@localhost :/$ chown user01.user01 /incoming/home/user01
root@localhost :/$ chown user02.user02 /incoming/home/user02
root@localhost :/$ chmod 750 /incoming/home/user01
root@localhost :/$ chmod 750 /incoming/home/user01

Last directory is user-owned, everything else must be root-owned.

A variant of this that yields less deep directory trees would be to set
the passwd file up as:

user01:x:1001:1001:,,,:/user01:/bin/bash     /home/user01 <-> /user01
user02:x:1002:1002:,,,:/user02:/bin/bash

Also look to http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/

Written by spectre

May 7th, 2013 at 9:05 pm

Posted in Tips and Tricks

Leave a Reply

*