scponly worked but didn't chroot the home folder, the user can still browse the entire server.

Posted by Mint on Server Fault See other posts from Server Fault or by Mint
Published on 2010-03-02T09:13:01Z Indexed on 2010/04/23 4:04 UTC
Read the original article Hit count: 248

Filed under:

chroot

|

scp

So I followed the "Chroot and Debian" tutorial in http://sublimation.org/scponly/wiki/index.php/FAQ

Then when I log into user "upload" via ssh I have no access to the command line (this is what I wanted).

But then when I SFTP into the upload user I can still see all the root files (/), it didn't chroot me to just /home/upload whats going on?

….

I added this to the end of my /etc/ssh/sshd_config file, then done a restart

Subsystem sftp internal-sftp

UsePAM yes

Match User upload
    ChrootDirectory /home/upload
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Then when I log into sftp I can only see my upload folder (this is what I want), but now scp doesn't work :P

SCP will accept my password then:

debug1: Next authentication method: password
[email protected]'s password: 
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_NZ.UTF-8
debug1: Sending command: scp -v -t /test

It will hang on that last debug message.

Any help would be greatly appreciated.

Note, running Debian Lenny

© Server Fault or respective owner

Related posts about chroot

Chroot within chroot

as seen on Server Fault - Search for 'Server Fault'
I'm using Centos 5.2 and when I try to make a chroot jail using the script, I get: Copying libraries for /usr/bin/scp. (0x00007fff17bfe000) cp: cannot stat `(0x00007fff17bfe000)': No such file or directory ... I am currently using on a rackspace cloud server so i suspect that these dependencies… >>> More
start apache2 in chroot environment

as seen on Server Fault - Search for 'Server Fault'
This is my first time I am trying to install Apache2 HTTP server in a chroot environment. That's why i decided to follow this procedure : http://www.symantec.com/connect/articles/securing-apache-2-step-step my web server start with successful : root@ubuntu:/usr/local/apache2/bin/apachectl start [Tue… >>> More
OpenSSH SFTP server with chroot() + user with chroot exception

as seen on Server Fault - Search for 'Server Fault'
I am currently setting up an SFTP server but there is one detail I can't seem to figure out. When I add a user, I would like him to connect using his client and be able to write in his "root dir" right away. My Match case for the SFTP-users group currently has ChrootDirectory set as "/home/%u",… >>> More
Chroot into a 32 bit version of ubuntu from a 64 bit host

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a piece of software that only runs on 32 bit linux (Xilinx webPack 10.1, apperently it 'has' to be the old version because that's the latest one compatible with their boards), anyway, this version is only compatible with 32 bit linux. So, I head off to this page to see what I can do: https://help… >>> More
Chroot with CentOS 5.3 + openssh 4.3p2

as seen on Server Fault - Search for 'Server Fault'
OS: CentOS 5.3, with openssh 4.3p2 Trying to set 'chroot' in ssh shell, but openssh version prior to 4.8 doesn't take below settings. yum update openssh open up to version 4.3 which is quite old. Doesn't CentOS support openssh 4.8 or up? If that's the case, how to set chroot with openssh 4.3? or… >>> More

Related posts about scp

Variable directory names over SCP

as seen on Server Fault - Search for 'Server Fault'
We have a backup routine that previously ran from one disk to another on the same server, but have recently moved the source data to a remote server and are trying to replicate the job via scp. We need to run the script on the target server, and we've set up key-based scp (no username/password… >>> More
Does SCP lock the file it is transfering?

as seen on Server Fault - Search for 'Server Fault'
Have a situation where we have an application log sitting out on an AIX server. The log is being continually written to from the application, and we have users on Windows who want to view the file. What they've been doing is using WinSCP to transfer the file to their desktop and they open it using… >>> More
Problems with SCP stalling during file copy over VPN

as seen on Server Fault - Search for 'Server Fault'
I have a series of files I need to copy via SCP over a VPN to a remote linux server each night. The files are not large, we're talking about tens of megabytes here, but the file copy almost always stalls after a few seconds. Running the SCP command with -vvv, I see the following over and over throughout… >>> More
scp hangs at 100%, before finishing

as seen on Super User - Search for 'Super User'
Hi, my scp commands do hang at 100% before the finish (some seconds), The output I get using -vvv is this: http://paste.pocoo.org/show/137504/ Any ideas? >>> More
Prevent scp from copying local files?

as seen on Super User - Search for 'Super User'
I just read the Linux scp command issue question and it reminded me that I regularily forget to specify the colon in the host part of a scp command, and thus copying a file locally instead of copying to a remote host, e.g. I do scp foo host instead of scp foo host: But I never use scp to copy… >>> More