chroot directory, and sshd

To: debian-user@lists.debian.org
Subject: chroot directory, and sshd
From: Ron Leach <ronleach@tesco.net>
Date: Thu, 10 Mar 2016 19:56:58 +0000
Message-id: <[🔎] 56E1D18A.5000008@tesco.net>

List, good evening,

AIUI, sshd requires that a chroot directory, and all directories aboveit, including "/", must be owned by root, and not be writable exceptby root. '755' permissions.

While trying to set up an sftp-only service, and using this stanza in/etc/ssh/sshd_config :


Match Group sftp_users
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /home/sftp
  ForceCommand internal-sftp

sftp login attempts fail after password entry, and
/var/log/auth.log shows :

bad ownership or modes for chroot directory component "/"

I've rechecked ownership and access settings for
/home
/home/sftp

and both these are owned by root, and writable only by root as owner(755).

I note that the auth failure does seem to suggest there is somethingwrong with permissions for "/" itself. I haven't been able to findout how to check the permissions on "/", and I'd appreciate asuggestion how to do that if - as it seems - that might be what sshdis complaining about.

If that isn't the problem, I'm not sure what else could be. Thedirectories below /home/sftp, such as

/home/sftp/mary

are owned by and writable by user mary. mary is also in the group'sftp-users'.


OS is Wheezy, and ssh updates are applied.

I'd be very grateful for any insights,

regards, Ron

Reply to:

Follow-Ups:
- Re: chroot directory, and sshd
  - From: Sven Hartge <sven@svenhartge.de>

Prev by Date: Re: Does anyone know how to configure a Brother MFC-J5720DW with cups?
Next by Date: MS SharePoint/Dynamics AX/GP/NAV/CRM Users
Previous by thread: Re: How to VNC to active screen on remote system.
Next by thread: Re: chroot directory, and sshd
Index(es):
- Date
- Thread