scponly worked but didn't chroot the home folder, the user can still browse the entire server.

Posted by Mint on Server Fault See other posts from Server Fault or by Mint
Published on 2010-03-02T09:13:01Z Indexed on 2010/04/23 4:04 UTC
Read the original article Hit count: 252

Filed under:
|

So I followed the "Chroot and Debian" tutorial in http://sublimation.org/scponly/wiki/index.php/FAQ

Then when I log into user "upload" via ssh I have no access to the command line (this is what I wanted).

But then when I SFTP into the upload user I can still see all the root files (/), it didn't chroot me to just /home/upload whats going on?

….

I added this to the end of my /etc/ssh/sshd_config file, then done a restart

Subsystem sftp internal-sftp

UsePAM yes

Match User upload
    ChrootDirectory /home/upload
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Then when I log into sftp I can only see my upload folder (this is what I want), but now scp doesn't work :P

SCP will accept my password then:

debug1: Next authentication method: password
[email protected]'s password: 
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_NZ.UTF-8
debug1: Sending command: scp -v -t /test

It will hang on that last debug message.

Any help would be greatly appreciated.

Note, running Debian Lenny

© Server Fault or respective owner

Related posts about chroot

Related posts about scp