sftp server chroot initial directory
I have configured an sftp server with chroot and it works fine. The only thing that is bothering me is the initial landing directory: since the sftp user does not have write permissions in the landing folder, he has to go to a folder named after his own username to upload files.
I have set: ForceCommand internal-sftp -d %u, which I found in some configuration guides, and they said that it should change the landing folder, but it does not work. At the beginning I had configured a null script for the user login in passwd, but I changed it to /bin/bash in case that might have had something to do with this. I rebooted the service, so that might not be the cause either.
Perhaps it might be related to the version of ssh that the distribution I'm using has, or perhaps sshd cannot do this at all?
Here is my configuration regarding sshd:
CentOS release 6.6 (Final)
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 201
Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -d %u
Solution 1:
You can use the -d option of sftp, which changes the starting directory for you. See the sftp-server(8) manual page:
-d start_directory
specifies an alternate starting directory for users. The pathname may contain the following tokens that are expanded at runtime: %% is replaced by a literal '%', %h is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user. The default is to use the user's home directory. This option is useful in conjunction with the sshd_config(5) ChrootDirectory option.
You can do this by putting this as an argument to internal-sftp, for example:
Subsystem sftp internal-sftp -d "%h/sftp_home/"
Additionally, you might need to adjust your force-command, if you use one:
ForceCommand internal-sftp -d "%h/sftp_home/"
This should be available in OpenSSH since version 6.2.
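A check for the two points above, as an added example that is not part of the original answer: whether an ssh -V banner reports at least the 6.2 named in the answer, and what a -d template expands to under the %%, %h and %u tokens from the quoted manual text. The function names, the user alice and the path /home/alice are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names and sample values are constructed.

# Exit 0 if the `ssh -V` banner reports OpenSSH >= 6.2 (the version the
# answer names for -d), 1 if it is older, 2 if the banner is not recognised.
supports_start_dir() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                       # $1 = major, $2 = minor
    [ "$1" -gt 6 ] || { [ "$1" -eq 6 ] && [ "$2" -ge 2 ]; }
}

# Expand the tokens documented for -d: %% -> %, %h -> home, %u -> username.
# Usage: expand_start_dir TEMPLATE USER HOME
# This sketch rejects any other %-sequence with exit status 1.
expand_start_dir() {
    tpl=$1 out=
    while [ -n "$tpl" ]; do
        case $tpl in
            %%*) out="$out%";  tpl=${tpl#??} ;;
            %h*) out="$out$3"; tpl=${tpl#??} ;;
            %u*) out="$out$2"; tpl=${tpl#??} ;;
            %*)  echo "unsupported token in: $1" >&2; return 1 ;;
            *)   rest=${tpl#?}; out="$out${tpl%"$rest"}"; tpl=$rest ;;
        esac
    done
    printf '%s\n' "$out"
}

# sshd applies ChrootDirectory before internal-sftp changes directory, so the
# expanded path is looked up inside the chroot, not on the real filesystem.
for banner in "OpenSSH_5.3p1" "OpenSSH_6.2p1"; do     # constructed banners
    if supports_start_dir "$banner"; then
        for tpl in '%u' '%h/sftp_home/'; do
            echo "$banner: -d $tpl -> $(expand_start_dir "$tpl" alice /home/alice)"
        done
    else
        echo "$banner: older than 6.2, -d not expected to work"
    fi
done
```

The banner check reads only the upstream version number, so it cannot see features a distribution may have backported into an older package.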