Difference between revisions of "SFTP CHROOT SSHD"

From Michael's Information Zone

Latest revision as of 10:23, 18 January 2017

The following was written by http://serverfault.com/users/387035/will

It appears after the OpenSSH-6.6.1p1-31 update, only the user's primary group is checked for authentication during the SFTP connection attempt. With root and the user's primary group owning the home directory and at least 710 permissions, connection attempts should succeed. [1]

[1] http://serverfault.com/questions/816219/sftp-suddenly-failing-for-chroot-accounts-on-amazon-linux

Repro steps:

$ groups sftpuser  
sftpuser : sftpgroup sftpuser  
$ ls -ld /home/sftpuser/  
drwx--x--- 2 root sftpuser 4096 Nov 22 18:31 sftpuser/  
$ sftp sftpuser@localhost  
sftpuser@localhost's password:  
Write failed: Broken pipe  
Couldn't read packet: Connection reset by peer  
$ chgrp sftpgroup sftpuser/  
$ ls -ld /home/sftpuser/  
drwx--x--- 2 root sftpgroup 4096 Nov 22 18:31 sftpuser/  
$ sftp sftpuser@localhost  
sftpuser@localhost's password:  
Connected to localhost.  
sftp> exit
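
An added example, not part of the original post or of OpenSSH: a shell check for the conditions described above (root owner, directory group equal to the user's primary group, at least 710 permissions). The function names are hypothetical and GNU `stat` is assumed; the group/world-writable check follows the ChrootDirectory rule in sshd_config(5).

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of OpenSSH.

# check_chroot_perms OWNER_UID DIR_GID MODE PRIMARY_GID
# Prints one line per problem and returns the number of problems (0 = OK).
check_chroot_perms() {
    owner_uid=$1; dir_gid=$2; mode=$3; primary_gid=$4
    problems=0
    m=$((0$mode))    # stat prints the mode in octal, e.g. 710

    if [ "$owner_uid" -ne 0 ]; then
        echo "owner uid $owner_uid is not root"
        problems=$((problems + 1))
    fi
    # The post's observation: the directory group must be the primary group.
    if [ "$dir_gid" -ne "$primary_gid" ]; then
        echo "group $dir_gid is not the user's primary group $primary_gid"
        problems=$((problems + 1))
    fi
    # "At least 710": rwx for the owner, x for the group.
    if [ $((m & 0710)) -ne $((0710)) ]; then
        echo "mode $mode lacks the 710 bits"
        problems=$((problems + 1))
    fi
    # sshd_config(5): the chroot path must not be writable by group or others.
    if [ $((m & 022)) -ne 0 ]; then
        echo "mode $mode is group- or world-writable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# audit_sftp_home USER DIR: the same check on a live system (GNU stat assumed).
# Returns 99 if the user or directory cannot be looked up.
audit_sftp_home() {
    pgid=$(id -g "$1") || return 99
    st=$(stat -c '%u %g %a' "$2") || return 99
    set -- $st       # split "uid gid mode" into $1 $2 $3
    check_chroot_perms "$1" "$2" "$3" "$pgid"
}
```

On a live host, `audit_sftp_home sftpuser /home/sftpuser` runs the check against the values reported by `id -g` and `stat`.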