SFTP, Chroot problems on Redhat

Posted by Curtis_w on Server Fault
Published on 2012-11-06T20:35:38Z Indexed on 2012/11/06 23:04 UTC


I'm having problems setting up sftp with a ChrootDirectory. I've done an equivalent setup on other distros, but for some reason I cannot get it to work on a Redhat AMI.

The changes to my sshd_config file are:

Subsystem       sftp    internal-sftp

Match Group ftponly
      PasswordAuthentication yes
      X11Forwarding no
      ChrootDirectory %h
      ForceCommand internal-sftp
      AllowTcpForwarding no

I have the concerned users' homes at /home/user, owned by root. After connecting with a user in the ftponly group, I'm dropped into / without permissions for anything, and am unable to do anything.

sftp bob@localhost
Connecting to localhost...
bob@localhost's password: 
sftp> pwd
Remote working directory: /

I can connect normally with users not in the ftponly group.

openssh version 5.3

I've experimented with different permissions, as well as having users own their own home directory (gives a Write failed: Broken pipe error), and so far, nothing has seemed to work.

I'm sure it's a permissions error, or something equally as trivial, but at this point my eyes are beginning to glaze over, and any help would be greatly appreciated.

EDIT:

James and Madhatter, thanks for clarifying. I was confused by chroot dropping me in /... just didn't think through it properly. I've added the appropriate directories and permissions to get read access. One other key part was enabling write access to chrooted homes:

setsebool -P ssh_chroot_rw_homedirs on

in order to get write access. I think I'm all set now. Thanks for the help.
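
An added example, not part of the original post: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, which is consistent with the Broken pipe error seen above when users owned their homes. The sketch below walks a path up to / and reports each violation, then shows the SELinux boolean named in the edit; the function names are made up for this example and GNU stat (as shipped on Red Hat) is assumed.

```shell
#!/bin/sh
# check_component DIR OWNER_UID
# Checks one directory against the ChrootDirectory rule:
# owned by OWNER_UID (0 for a real sshd) and no group/other write bit.
check_component() {
    cc_st=$(stat -c '%u %a' "$1" 2>/dev/null) || { echo "FAIL $1: cannot stat"; return 2; }
    cc_uid=${cc_st% *}
    cc_mode=${cc_st#* }
    cc_rc=0
    if [ "$cc_uid" != "$2" ]; then
        echo "FAIL $1: owned by uid $cc_uid, expected $2"
        cc_rc=1
    fi
    # 022 = group-write | other-write; leading 0 makes the mode octal
    if [ $(( 0$cc_mode & 022 )) -ne 0 ]; then
        echo "FAIL $1: mode $cc_mode is group- or world-writable"
        cc_rc=1
    fi
    [ "$cc_rc" -eq 0 ] && echo "ok   $1 (uid $cc_uid, mode $cc_mode)"
    return $cc_rc
}

# check_chroot_path DIR [OWNER_UID]
# Applies check_component to DIR and every parent directory up to /.
check_chroot_path() {
    ccp_dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: not a directory"; return 2; }
    ccp_rc=0
    while :; do
        check_component "$ccp_dir" "${2:-0}" || ccp_rc=1
        [ "$ccp_dir" = / ] && break
        ccp_dir=$(dirname "$ccp_dir")
    done
    return $ccp_rc
}

# Reports the SELinux boolean from the post, if SELinux tools are present.
check_selinux_bool() {
    command -v getsebool >/dev/null 2>&1 || { echo "SKIP: getsebool not installed"; return 0; }
    getsebool ssh_chroot_rw_homedirs
}

# Usage (constructed example path): check_chroot_path /home/bob && check_selinux_bool
```

Because the chroot itself cannot be writable by the user, uploads need a user-owned subdirectory inside it.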
