Hello, I'll get right to the question I have:
Code:
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
with /etc/ssh/sshd_config configured as:
Code:
AcceptEnv LANG LC_*
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
UsePAM yes
Subsystem sftp internal-sftp
Match User '!my_user' Group sftpusers
ChrootDirectory /home/%u
ForceCommand internal-sftp
Match Address local-ip User my_user
ChrootDirectory None
X11Forwarding yes
AllowTcpForwarding yes
ForceCommand /bin/bash
Match User my_user
ForceCommand /bin/bash
X11Forwarding yes
AllowTcpForwarding yes
ChrootDirectory None
I have tried:
Code:
Match User '!my_user' Group sftpusers
ForceCommand internal-sftp
ChrootDirectory %h
and I still can access folders above the home directory, when I log in from my mobile (AndFTP 1.6 for Android) or from FileZilla on the local network.
Here are the permissions and owner:group of the folders I am using.
user: johndoe
group: sftpusers
mount home: /home/johndoe
actual home: /srv/ftproot/users/johndoe
mounted with:
Code:
mount --bind /srv/ftproot/users/johndoe /home/johndoe
Code:
ls -l /srv/ftproot/users
outputs:
Code:
drwxr-xr-x 2 johndoe sftpusers 4096 2010-06-27 10:30 johndoe
So basically, I have a group 'sftpusers' and user 'johndoe' which should match against a conditional Match User / Group statement in sshd_config. I run /etc/init.d/ssh restart each time I modify the config; however, I am still able to access parent directories.
I can post more info if requested; this is all I can think of as necessary.
Here's a link to the sshd_config manpage:
http://www.manpagez.com/man/5/sshd_config/ for those who want to read more.
In short... neither ChrootDirectory /home/%u nor ChrootDirectory %h will chroot() to the home directory!
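Added example, not part of the original post and not OpenSSH's own code: a small Python model of how a Match pattern list is evaluated, following the PATTERNS section of ssh_config(5) ("a negated match will never produce a positive result by itself"). The function names are illustrative, and the user, group and patterns are taken from the post with the quotes removed.

```python
import re

def match_pattern(s, pattern):
    """Wildcard match where only '*' and '?' are special, as in ssh_config(5) PATTERNS."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, s, re.DOTALL) is not None

def match_pattern_list(s, patterns):
    """Return 1 for a positive match, -1 for a negated match, 0 for no match."""
    got_positive = False
    for pat in patterns.split(","):
        negated = pat.startswith("!")
        if negated:
            pat = pat[1:]
        if match_pattern(s, pat):
            if negated:
                return -1          # a negated hit vetoes the whole list
            got_positive = True
    # A list holding only negated patterns can never reach 1.
    return 1 if got_positive else 0

def match_block_applies(user, groups, user_patterns, group_patterns):
    """Model of 'Match User <list> Group <list>': every criterion must be positive."""
    if match_pattern_list(user, user_patterns) != 1:
        return False
    found = False
    for group in groups:
        result = match_pattern_list(group, group_patterns)
        if result == -1:
            return False
        if result == 1:
            found = True
    return found

if __name__ == "__main__":
    # Constructed cases based on the names used in the post.
    cases = [
        ("johndoe", ["sftpusers"], "!my_user"),     # negation alone
        ("johndoe", ["sftpusers"], "*,!my_user"),   # wildcard plus negation
        ("my_user", ["sftpusers"], "*,!my_user"),   # the excluded account
    ]
    for user, groups, user_patterns in cases:
        applies = match_block_applies(user, groups, user_patterns, "sftpusers")
        print(f"Match User {user_patterns} Group sftpusers -> {user}: {applies}")
```

In this model the line Match User !my_user Group sftpusers never applies to johndoe, so the ChrootDirectory and ForceCommand beneath it are not used; the form *,!my_user does apply.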