SFTP ChRoot result in broken pipe

I have a website that I want to add some restricted access to a sub-folder. For this, I've decided to use CHROOT with SFTP (I mostly followed this link: http://shapeshed.com/chroot_sftp_users_on_ubuntu_intrepid/).

For now, I've created a user (sio2104) and a group (magento). After following the guide, my folder list looks like this:

-rw-r--r--  1 root root       27 2012-02-01 14:23 index.html
-rw-r--r--  1 root root       21 2012-02-01 14:24 info.php
drwx------ 15 root root     4096 2012-02-25 00:31 magento

As you can see, I've chown root:root the folder magento I wanted to jail the user in, and... everything else, by the way. Also, in the magento folder, I chown sio2104:magento everything so they can access what they want. Finally, I've added this to the sshd_config file:

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

Match Group magento
        ChrootDirectory /usr/share/nginx/www/magento
        ForceCommand internal-sftp
        AllowTCPForwarding no
        X11Forwarding no
        PasswordAuthentication yes

#UsePAM yes

And the result is...well, I can enter my login, password and it's all finished with a "broken pipe" error.

$ sftp [email protected]
[....some debug....]
[email protected]'s password: 
debug1: Authentication succeeded (password).
Authenticated to 10.20.0.50 ([10.20.0.50]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
Write failed: Broken pipe
Connection closed

Verbose mode gives nothing to help. Anyone have an idea of what I've done wrong? If I try to log in with ssh or sftp with my personal user, everything works fine.


I had the same problem.

The chroot-dir must be set to owner root and group root. (chown root:root chroot-dir)


Try having your default directory different from the chroot directory.

I have set /home/ftpman as my default directory.

vi /etc/passwd

..
ftpman:x:1001:1002::/home/ftpman:/bin/bash

and

ls -la /home

...
drwxr-xr-x  5 ftpman sftponly 4096 Jun 25 11:56 ftpman

Then I have the chroot directory set to /. And it works for me.

vi /etc/ssh/sshd_config

...
Match Group sftponly
  X11Forwarding no
  AllowTcpForwarding no
  ChrootDirectory /
  ForceCommand internal-sftp

I'm not 100% sure on this, but as far as I understand the chroot process, SSHd will fork as your user first, then try to chroot. This will obviously fail as the directory can't be accessed as sio2104 on the system.

Try loosening up the filesystem permission on the magento folder (chmod o+rx).
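
The two permission conditions raised in the answers above (root ownership of the chroot path, and the jailed user being able to enter it) can be checked together before restarting sshd. The script below is an added example, not part of the original posts; the function names are illustrative, and the ownership rule it applies is the one documented in sshd_config(5) for ChrootDirectory.

```python
#!/usr/bin/env python3
# Added example: audit a ChrootDirectory path. Function names are illustrative.
import os
import pwd
import stat
import sys


def check_entry(path, mode, uid, gid, user_uid, user_gids, leaf):
    """Return problems for one path component, given its raw stat values."""
    problems = []
    if not stat.S_ISDIR(mode):
        problems.append(f"{path}: not a directory")
    # sshd_config(5): every component of ChrootDirectory must be root-owned
    # and not writable by group or others, otherwise sshd refuses the chroot.
    if uid != 0:
        problems.append(f"{path}: owner uid {uid}, must be root (0)")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"{path}: group/other writable {stat.filemode(mode)}")
    # Pick the permission class that applies to the jailed user; the user
    # needs x on every component and r as well on the chroot itself.
    shift = 6 if user_uid == uid else 3 if gid in user_gids else 0
    need = (0o5 if leaf else 0o1) << shift
    if user_uid != 0 and (mode & need) != need:
        problems.append(f"{path}: uid {user_uid} cannot enter {stat.filemode(mode)}")
    return problems


def audit_chroot(chroot, user_uid, user_gids):
    """Stat each component from / down to chroot and collect all problems."""
    chain = [os.path.abspath(chroot)]
    while chain[-1] != "/":
        chain.append(os.path.dirname(chain[-1]))
    problems = []
    for path in reversed(chain):
        st = os.stat(path)
        problems += check_entry(path, st.st_mode, st.st_uid, st.st_gid,
                                user_uid, user_gids, leaf=(path == chain[0]))
    return problems


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: audit.py <ChrootDirectory> <username>
    pw = pwd.getpwnam(sys.argv[2])
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    found = audit_chroot(sys.argv[1], pw.pw_uid, gids)
    print("\n".join(found) or "no problems found")
    sys.exit(1 if found else 0)
```

Run against the question's layout (magento as drwx------ root:root), it passes the ownership rule but reports that the jailed user cannot enter the directory.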