LinuxQuestions.org
Old 09-01-2014, 09:51 AM   #1
Seb Spiers
LQ Newbie
 
Registered: Mar 2012
Location: Worcester, UK
Distribution: Fedora, CentOS
Posts: 18

Rep: Reputation: Disabled
sftp & chroot issues


Hi There,

I've set up sftp on a Fedora 14 box as per this guide: http://www.debian-administration.org...hrootDirectory (I realise it's a Debian guide and not Fedora).
I've also referenced this Fedora-based guide: http://www.server-world.info/en/note...a_20&p=ssh&f=4 without success.

If I remove my sftp user from my sftponly group he can log in, but isn't restricted to his home folder as his root.

If I add the user to the sftponly group as described in the guide the user cannot log in and receives an authentication error.

Quote:
Error: Network error: Software caused connection abort
Error: Could not connect to server
Whilst my client software advises to "see session log for details" I cannot find one!?

The end of my sshd_config reads:
Quote:
Subsystem sftp internal-sftp

# This section must be placed at the very end of sshd_config
Match Group sftponly
ChrootDirectory /home/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Can anyone offer any advice?

Last edited by Seb Spiers; 09-01-2014 at 09:54 AM.
 
Old 09-01-2014, 02:21 PM   #2
grim76
Member
 
Registered: Jun 2007
Distribution: Debian, SLES, Ubuntu
Posts: 308

Rep: Reputation: 50
Check your permissions, owners, and groups on the directories in question. That is typically where the problem is.

Keep in mind there are log files on the server side as well. Typically they present more information.

Last edited by grim76; 09-01-2014 at 04:11 PM. Reason: Pointing to server logs as well.
 
Old 09-02-2014, 03:28 AM   #3
Seb Spiers
LQ Newbie
 
Registered: Mar 2012
Location: Worcester, UK
Distribution: Fedora, CentOS
Posts: 18

Original Poster
Rep: Reputation: Disabled
The configuration which works is a little ridiculous.

Essentially I have to give root exclusive rights to the file and then the user rights to a subfolder (or subfolders) which they can then write to.

Mental. Is sftp intended to be a viable solution for file transfer?
 
Old 09-02-2014, 10:24 AM   #4
grim76
Member
 
Registered: Jun 2007
Distribution: Debian, SLES, Ubuntu
Posts: 308

Rep: Reputation: 50
That is how SFTP chroot'd is intended to work. We use SFTP where I work for almost all file transfers of any size. We don't allow FTP except where the other side does not offer any other method.
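
The ownership rule discussed in this thread, as an added example that is not part of any post: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, which is the constraint post #3 describes. The script walks a path such as the expanded `/home/%u` and reports each component that breaks the rule; the function names and the optional UID parameter are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Rule checked (sshd_config(5), ChrootDirectory):
# every path component must be a root-owned directory that is not writable
# by group or others.

# check_dir DIR [UID]: print findings and return 1 if DIR breaks the rule.
# UID defaults to 0 (root); the parameter is an assumption of this example,
# present only so the check can be exercised without root.
check_dir() {
    dir=$1 want_uid=${2:-0} bad=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    # ls -ldnL prints the mode string and numeric owner: "drwxr-xr-x 2 0 0 ..."
    info=$(ls -ldnL "$dir" | awk '{print $1 " " $3}')
    mode="${info% *}"
    uid="${info#* }"
    [ "$uid" = "$want_uid" ] || { echo "FAIL $dir: owner uid $uid, want $want_uid"; bad=1; }
    case $mode in
        # 6th character is group write, 9th is other write
        ?????w*|????????w*) echo "FAIL $dir: group/other writable ($mode)"; bad=1 ;;
    esac
    return $bad
}

# check_chroot PATH: check PATH and every parent directory up to /.
# Returns 0 if all components pass, 1 if any fails, 2 for a non-absolute path.
check_chroot() {
    case $1 in
        /*) ;;
        *) echo "usage: check_chroot /absolute/path"; return 2 ;;
    esac
    p=$1 rc=0
    while :; do
        check_dir "$p" 0 || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    [ "$rc" -eq 0 ] && echo "OK $1: usable as ChrootDirectory"
    return $rc
}

# Stand-alone use: pass the expanded chroot path as the first argument.
if [ $# -gt 0 ]; then
    check_chroot "$1"
fi
```

When a component fails this rule, sshd records it in the server-side log as "bad ownership or modes for chroot directory", which is where to look when the client only reports a dropped connection.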
 
  

