https://wiki.1701technology.com/index.php?action=history&feed=atom&title=SFTP_CHROOT_SSHD 2026-05-06T14:02:01Z Revision history for this page on the wiki MediaWiki 1.34.1 https://wiki.1701technology.com/index.php?title=SFTP_CHROOT_SSHD&diff=275&oldid=prev 2017-01-18T15:23:30Z

<p></p> <table class="diff diff-contentalign-left" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="en"> <td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td> <td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 15:23, 18 January 2017</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td> <td colspan="2" class="diff-lineno">Line 1:</td></tr> <tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">The following was written by http://serverfault.com/users/387035/will</ins></div></td></tr> <tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">&lt;br&gt;</ins></div></td></tr> <tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">&lt;br&gt;</ins></div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;ref&gt;http://serverfault.com/questions/816219/sftp-suddenly-failing-for-chroot-accounts-on-amazon-linux&lt;/ref&gt;It appears after the OpenSSH-6.6.1p1-31 update, only the user's primary group is checked for authentication during the SFTP connection attempt. With root and the user's primary group owning the home directory and at least 710 permissions, connection attempts should succeed.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;ref&gt;http://serverfault.com/questions/816219/sftp-suddenly-failing-for-chroot-accounts-on-amazon-linux&lt;/ref&gt;It appears after the OpenSSH-6.6.1p1-31 update, only the user's primary group is checked for authentication during the SFTP connection attempt. With root and the user's primary group owning the home directory and at least 710 permissions, connection attempts should succeed.</div></td></tr> <tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;br&gt;</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>&lt;br&gt;</div></td></tr> </table>

Michael.mast https://wiki.1701technology.com/index.php?title=SFTP_CHROOT_SSHD&diff=274&oldid=prev 2017-01-18T15:22:23Z

<p>Created page with &quot;&lt;ref&gt;http://serverfault.com/questions/816219/sftp-suddenly-failing-for-chroot-accounts-on-amazon-linux&lt;/ref&gt;It appears after the OpenSSH-6.6.1p1-31 update, only the user&#039;s pri...&quot;</p> <p><b>New page</b></p><div>&lt;ref&gt;http://serverfault.com/questions/816219/sftp-suddenly-failing-for-chroot-accounts-on-amazon-linux&lt;/ref&gt;It appears after the OpenSSH-6.6.1p1-31 update, only the user's primary group is checked for authentication during the SFTP connection attempt. With root and the user's primary group owning the home directory and at least 710 permissions, connection attempts should succeed.<br /> &lt;br&gt;<br /> &lt;br&gt;<br /> Repro steps:<br /> &lt;pre&gt;<br /> $ groups sftpuser <br /> sftpuser : sftpgroup sftpuser <br /> $ ls -ld /home/sftpuser/ <br /> drwx--x--- 2 root sftpuser 4096 Nov 22 18:31 sftpuser/ <br /> $ sftp sftpuser@localhost <br /> sftpuser@localhost's password: <br /> Write failed: Broken pipe <br /> Couldn't read packet: Connection reset by peer <br /> $ chgrp sftpgroup sftpuser/ <br /> $ ls -ld /home/sftpuser/ <br /> drwx--x--- 2 root sftpgroup 4096 Nov 22 18:31 sftpuser/ <br /> $ sftp sftpuser@localhost <br /> sftpuser@localhost's password: <br /> Connected to localhost. <br /> sftp&gt; exit <br /> &lt;/pre&gt;</div>

Michael.mast