Fedora Linux Support Community & Resources Center
  #1  
Old 16th September 2008, 02:08 PM
JPMallory
ChrootDirectory Jail with sftp

I have a server that several users connect to to retrieve files via ftps and sftp. (I leave the choice up to the user). Just the other day I read about the ChrootDirectory option for SSH which allows me to jail the users to their home directory, much like the ftps users are.

Here are the steps I used for the setup (Fedora 9).

I commented this line out of /etc/ssh/sshd_config:

#Subsystem sftp /usr/libexec/openssh/sftp-server

and added these lines:

Subsystem sftp internal-sftp

Match Group sftponly
ForceCommand internal-sftp
ChrootDirectory /home/%u


I added the sftponly group

groupadd sftponly

And then, to set up a new jailed user (steveperry), I take the following steps:

useradd steveperry
usermod -G sftponly steveperry
chown root /home/steveperry
chmod 750 /home/steveperry
mkdir /home/steveperry/steveperry
chown steveperry:steveperry /home/steveperry/steveperry
usermod -d /home/steveperry/steveperry steveperry


And this works well. If steveperry chooses ftps, he's jailed to the /home/steveperry/steveperry directory. If he chooses sftp, then he's jailed to the /home/steveperry directory and can read and write to the /home/steveperry/steveperry directory.

Now, here's my question: Using sftp, when steveperry connects, his starting location is /home/steveperry, which he cannot write to. He will have to issue a cd steveperry to get to the directory he can read and write to.

Is there anything I can set on the server that will do this for him automatically?
  #2  
Old 16th September 2008, 02:27 PM
stevea
ChrootDirectory /home/%u/%u

Not so?
  #3  
Old 16th September 2008, 03:29 PM
JPMallory
No, if I do that I get the following errors after login.
Read from remote host SERVERNAME: Connection reset by peer
Couldn't read packet: Connection reset by peer


It appears that the ChrootDirectory has to be owned by root. I've tried making the group writable (chmod 770) but that throws an error as well.
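
The ownership rule reported in post #3 can be checked before a user ever connects. The script below is an added example (not part of the thread and not OpenSSH code) that walks a ChrootDirectory path and reports every component that breaks the rule documented in sshd_config(5): each component must be a root-owned directory that is not writable by group or others. It assumes GNU stat, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit a ChrootDirectory path before pointing sshd at it.
# Rule checked (sshd_config(5)): every component of the path must be a
# directory owned by root and not writable by group or others.
# Assumes GNU stat (-c); function names are made up for this example.

# check_component DIR [OWNER_UID]  -> 0 if DIR meets the rule, 1 otherwise.
# OWNER_UID defaults to 0 (root); it is a parameter only so the check can
# be exercised on scratch directories without being root.
check_component() (
    dir=$1; owner=${2:-0}; rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"; exit 1
    fi
    uid=$(stat -L -c %u "$dir")      # -L: follow symlinks, as stat(2) does
    mode=$(stat -L -c %a "$dir")     # octal permission bits, e.g. 750
    if [ "$uid" != "$owner" ]; then
        echo "FAIL $dir: owned by uid $uid, expected $owner"; rc=1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is writable by group or others"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "ok   $dir (uid $uid, mode $mode)"; fi
    exit "$rc"
)

# check_chroot_path /ABS/PATH [OWNER_UID]  -> walks /, /ABS, /ABS/PATH.
check_chroot_path() (
    path=$1; owner=${2:-0}; rc=0; cur=
    case $path in
        /*) ;;
        *) echo "FAIL $path: must be an absolute path" >&2; exit 2 ;;
    esac
    check_component / "$owner" || rc=1
    IFS=/; set -f; set -- $path; unset IFS; set +f   # split on "/"
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        check_component "$cur" "$owner" || rc=1
    done
    exit "$rc"
)

# Usage: sh check_chroot.sh /home/steveperry
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

A directory owned by the user, or one set to mode 770, is reported as FAIL, which corresponds to the two configurations that produced the connection resets in this thread.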