
I am trying to chroot a "test" user (group sftp) to /home/test. I've added the following lines at the end of my sshd_config:

    Subsystem sftp internal-sftp
    Match User test
        ChrootDirectory /home/test
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

The home and test directories have 755 permissions and are owned by root. I have also tried with ChrootDirectory /home.

    root@Debian:/# namei -l /home/test
    f: /home/test
    drwxrwxrwx root root /
    drwxr-xr-x root root home
    drwxr-xr-x root root test

I am unable to connect to the server via SFTP or SSH (whether I include Subsystem sftp internal-sftp and ForceCommand internal-sftp or not). As soon as I log in I get the following message:

    Write failed: Broken pipe

... and the following is appended to auth.log:

    May 12 13:48:29 Reach sshd[25503]: Accepted password for test from 192.168.0.10 port 51058 ssh2
    May 12 13:48:29 Reach sshd[25503]: pam_unix(sshd:session): session opened for user test by (uid=0)
    May 12 13:48:29 Reach sshd[25505]: fatal: bad ownership or modes for chroot directory component "/"
    May 12 13:48:29 Reach sshd[25503]: pam_unix(sshd:session): session closed for user test

Apparently the problem is that it's trying to chroot to "/" when it should be "/home/test". What am I missing? I've left the rest of sshd_config at default values, and there is no other ChrootDirectory directive...

Thank you.

  • 1
    Can you include the output of namei -l /home/test in your question? Commented May 12, 2015 at 14:10
  • Edited my question. Commented May 12, 2015 at 14:19

1 Answer


Your permissions on / are too open.
I wonder how you ended up with that.
That should be 0755.
So you'll need to change that.

The rest looks OK.

  • Ahhh indeed, thank you, I didn't even bother checking... The server is a Synology NAS, I guess the Synology file server must have messed with the permissions somehow. Much work to do now... Commented May 12, 2015 at 14:34
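As an added illustration (not part of the original question or answer, and not OpenSSH's own code), the script below reproduces the test sshd applies to a ChrootDirectory: every path component from / down to the target must be owned by root (uid 0) and must not be group- or world-writable (no bits of 022 set in its mode). Run it against the intended chroot before restarting sshd and it names the offending component, which in the case above would be "/" with mode 777. It assumes a Linux host with GNU coreutils (stat -c), as on the Debian system in the question; path names containing whitespace are not handled.

```shell
#!/bin/sh
# Added example: mirror the per-component ownership/mode check that sshd
# performs on ChrootDirectory, so a misconfigured path can be found
# before it produces "bad ownership or modes for chroot directory component".

# component_ok UID MODE_OCTAL
# Returns 0 if a directory with this owner uid and octal mode would be
# accepted as a chroot path component, 1 otherwise. Pure function, so the
# rule can be exercised without touching the filesystem.
component_ok() {
    uid=$1
    mode=$2
    # The component must be owned by root.
    [ "$uid" -eq 0 ] || return 1
    # Group and other write bits (octal 022) must be clear. A leading 0
    # makes the shell parse the mode as octal; the sticky bit (1xxx) is fine.
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# path_components PATH
# Prints "/" and then every ancestor of PATH down to PATH itself, one per line.
path_components() {
    acc=''
    printf '/\n'
    printf '%s\n' "$1" | tr '/' '\n' | while IFS= read -r part; do
        [ -n "$part" ] || continue
        acc="$acc/$part"
        printf '%s\n' "$acc"
    done
}

# check_chroot_path PATH
# Walks PATH the way sshd does and reports the first component that fails
# the rule above. Returns 0 if every component is acceptable, 1 on a bad
# component, 2 if a component could not be stat'ed.
# Assumes GNU stat (-c '%u' for owner uid, -c '%a' for octal mode).
check_chroot_path() {
    for comp in $(path_components "$1"); do
        uid=$(stat -c '%u' "$comp") || return 2
        mode=$(stat -c '%a' "$comp") || return 2
        if ! component_ok "$uid" "$mode"; then
            printf 'bad ownership or modes for chroot directory component "%s" (uid=%s mode=%s)\n' \
                "$comp" "$uid" "$mode"
            return 1
        fi
    done
    printf 'all components of %s are acceptable for ChrootDirectory\n' "$1"
    return 0
}

# Usage: sh check_chroot.sh /home/test
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

On the system from the question the walk stops at "/" with mode 777; after the fix the answer recommends (mode 0755 on /, owner root) the same command reports every component as acceptable. The rule is deliberately strict on purpose: a chroot root or any of its parents that another user could write to would let that user rename or replace directories underneath it, which is exactly what sshd refuses to trust.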
