SFTP CHROOT SSHD

From Michael's Information Zone
Jump to navigation Jump to search

The following was written by http://serverfault.com/users/387035/will

[1]It appears after the OpenSSH-6.6.1p1-31 update, only the user's primary group is checked for authentication during the SFTP connection attempt. With root and the user's primary group owning the home directory and at least 710 permissions, connection attempts should succeed.

Repro steps: 

$ groups sftpuser  
sftpuser : sftpgroup sftpuser  
$ ls -ld /home/sftpuser/  
drwx--x--- 2 root sftpuser 4096 Nov 22 18:31 sftpuser/  
$ sftp sftpuser@localhost  
sftpuser@localhost's password:  
Write failed: Broken pipe  
Couldn't read packet: Connection reset by peer  
$ chgrp sftpgroup sftpuser/  
$ ls -ld /home/sftpuser/  
drwx--x--- 2 root sftpgroup 4096 Nov 22 18:31 sftpuser/  
$ sftp sftpuser@localhost  
sftpuser@localhost's password:  
Connected to localhost.  
sftp> exit
  1. http://serverfault.com/questions/816219/sftp-suddenly-failing-for-chroot-accounts-on-amazon-linux
Retrieved from "https://wiki.1701technology.com/index.php?title=SFTP_CHROOT_SSHD&oldid=275"