
List:       secure-shell
Subject:    OpenSSH_5.5p1, OpenSSL 0.9.8g 19 Oct 2007 -- ChrootDirectory %h
From:       Liam <lfitz () pacbell ! net>
Date:       2010-06-28 0:15:09
Message-ID: 1277684109.15716.51.camel () liam-laptop

Hello, I am trying to accomplish the following:

1.) Use OpenSSH as an SFTP server.
    Subsystem sftp internal-sftp

2.) Use the SFTP server for users other than my main account.
    Match User '*,!lfitz'

3.) Chroot the other users into their home directory.
    ChrootDirectory %h

4.) Force the command internal-sftp.
    ForceCommand internal-sftp

So the config looks as follows: (hopefully this appears correctly for
readers of the message)

# Beginning of File /etc/ssh/sshd_config
# Global config values
...
# End of Global config values
Subsystem sftp internal-sftp
Match User '*,!lfitz'
	ChrootDirectory %h
	ForceCommand internal-sftp
Match User lfitz
	ForceCommand /bin/bash
# EOF

Basically, the SFTP server works, however it does not chroot the home
directory.  Users can view parent folders (/home) and see the other
users on the system (/home/other_user).  And even view all contents of
the root directory (/).  I don't know why the directive ChrootDirectory
%h is not working.  I have tried chmod'ing the directories to different
values: 700, 755, 777, starting with /home and then (iirc) 750 each user
directory.  This allows the client (FileZilla or AndFTP for Android) to
start in the ChrootDirectory however it does not set it to /.  I'm lost,
I've tried a number of different chmod values, set Subsystem to the
direct path, set Match User to a specific user with no negation or
wildcards, and even tried ChrootDirectory /home/specified_user.

I'm on Debian 5 (lenny) with OpenSSH 5.5p1, OpenSSL 0.9.8g

Any ideas or workarounds I could use to fix this?

I have read the manpage and followed the guide here:
http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5&arch=&apropos=0&manpath=OpenBSD+Current
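
Added example, not part of the original message: sshd_config(5) requires every component of the ChrootDirectory pathname to be a root-owned directory that is not writable by group or other, so the chmod values tried above can be audited with a check like the one below. The function names and the SAMPLE metadata table are assumptions made for illustration; pass os.stat (the default) to audit a real path.

```python
import os
import stat
from types import SimpleNamespace

def path_components(path):
    """'/home/alice' -> ['/', '/home', '/home/alice']"""
    parts, current = ["/"], "/"
    for name in os.path.normpath(path).split("/"):
        if name:
            current = os.path.join(current, name)
            parts.append(current)
    return parts

def chroot_path_problems(path, stat_fn=os.stat):
    """Return (component, reason) pairs for each component of an absolute
    path that is not a root-owned directory or is group/other writable."""
    problems = []
    for component in path_components(path):
        try:
            st = stat_fn(component)
        except OSError as exc:
            problems.append((component, "cannot stat: %s" % exc.strerror))
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
        if st.st_uid != 0:
            problems.append((component, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((component, "group/other writable, mode %04o"
                             % stat.S_IMODE(st.st_mode)))
    return problems

# Constructed sample metadata (not from the post): path -> (mode, uid).
SAMPLE = {
    "/": (stat.S_IFDIR | 0o755, 0),
    "/home": (stat.S_IFDIR | 0o777, 0),
    "/home/other_user": (stat.S_IFDIR | 0o750, 1001),
}

def sample_stat(path):
    """Stand-in for os.stat that serves the constructed SAMPLE table."""
    if path not in SAMPLE:
        raise FileNotFoundError(2, "No such file or directory", path)
    mode, uid = SAMPLE[path]
    return SimpleNamespace(st_mode=mode, st_uid=uid)

if __name__ == "__main__":
    for component, reason in chroot_path_problems("/home/other_user", sample_stat):
        print("%s: %s" % (component, reason))
```

An empty result means the path meets the ownership and mode requirement; it says nothing about whether the Match block selected the user.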


