SFTP Jails - OpenSSH - Software caused connection abort

Hello. I recently followed this guide: http://library.linode.com/security/sftp-jails/ in order to prevent some FTP users from seeing directories above in hierarchy from their default homes.

I followed all of the steps involved, but I am now getting:

"Error: Network error: Software caused connection abort

Error: Could not connect to server"

This occurs upon trying to connect with SFTP using FileZilla.

What are some steps to fix this issue and is there something I might have missed in the setup process?

I am using Ubuntu 10.10 Maverick.

Thank you!

11 Replies

At a guess I'd say you missed this part

usermod -G filetransfer username
chown root:root /home/username
chmod 755 /home/username

It's what most people miss.

If you set the log level to DEBUG in /etc/ssh/sshd_config and restart ssh then try connecting again, check /var/log/auth.log for debugging info which may give more information.

I did that, actually.

Anyway, here is what I just did:

[email protected]:~# usermod -G filetransfer nginxftp
[email protected]:~# chown root:root /home/nginxftp
[email protected]:~# chmod 755 /home/nginxftp
[email protected]:~# nano /etc/ssh/sshd_config
[email protected]:~# /etc/ssh/sshd_config restart
-bash: /etc/ssh/sshd_config: Permission denied
[email protected]:~# sudo /etc/ssh/sshd_config restart
sudo: /etc/ssh/sshd_config: command not found
[email protected]:~# /etc/ssh/sshd_config stop
-bash: /etc/ssh/sshd_config: Permission denied
[email protected]:~# chown root:root /etc/ssh/sshd_config
[email protected]:~# /etc/ssh/sshd_config restart
-bash: /etc/ssh/sshd_config: Permission denied
[email protected]:~# chmod 755 /etc/ssh/sshd_config
[email protected]:~# /etc/ssh/sshd_config restart
/etc/ssh/sshd_config: line 5: Port: command not found
/etc/ssh/sshd_config: line 9: Protocol: command not found
/etc/ssh/sshd_config: line 11: HostKey: command not found
/etc/ssh/sshd_config: line 12: HostKey: command not found
/etc/ssh/sshd_config: line 14: UsePrivilegeSeparation: command not found
/etc/ssh/sshd_config: line 17: KeyRegenerationInterval: command not found
/etc/ssh/sshd_config: line 18: ServerKeyBits: command not found
/etc/ssh/sshd_config: line 21: SyslogFacility: command not found
/etc/ssh/sshd_config: line 22: LogLevel: command not found
/etc/ssh/sshd_config: line 26: LoginGraceTime: command not found
/etc/ssh/sshd_config: line 27: PermitRootLogin: command not found
/etc/ssh/sshd_config: line 28: StrictModes: command not found
/etc/ssh/sshd_config: line 30: RSAAuthentication: command not found
/etc/ssh/sshd_config: line 31: PubkeyAuthentication: command not found
/etc/ssh/sshd_config: line 35: IgnoreRhosts: command not found
/etc/ssh/sshd_config: line 37: RhostsRSAAuthentication: command not found
/etc/ssh/sshd_config: line 39: HostbasedAuthentication: command not found
/etc/ssh/sshd_config: line 44: PermitEmptyPasswords: command not found
/etc/ssh/sshd_config: line 48: ChallengeResponseAuthentication: command not found
/etc/ssh/sshd_config: line 63: X11Forwarding: command not found
/etc/ssh/sshd_config: line 64: X11DisplayOffset: command not found
/etc/ssh/sshd_config: line 65: PrintMotd: command not found
/etc/ssh/sshd_config: line 66: PrintLastLog: command not found
/etc/ssh/sshd_config: line 67: TCPKeepAlive: command not found
/etc/ssh/sshd_config: line 74: AcceptEnv: command not found
/etc/ssh/sshd_config: line 76: Subsystem: command not found
/etc/ssh/sshd_config: line 87: UsePAM: command not found
/etc/ssh/sshd_config: line 89: Match: command not found
/etc/ssh/sshd_config: line 90: ChrootDirectory: command not found
/etc/ssh/sshd_config: line 91: X11Forwarding: command not found
/etc/ssh/sshd_config: line 92: AllowTcpForwarding: command not found
/etc/ssh/sshd_config: line 93: ForceCommand: command not found

Looks bad to me! XD

Anyway, in the log you just provided, this is what just occurred:

Mar 16 16:30:47 snarf sshd[18636]: pam_unix(sshd:session): session opened for user <userhere>by (uid=0)
Mar 16 16:30:47 snarf sshd[18649]: fatal: bad ownership or modes for chroot directory component "/home/"
Mar 16 16:30:47 snarf sshd[18636]: pam_unix(sshd:session): session closed for user</userhere> 

You restart ssh by using

service ssh restart

You also shouldn't have changed permissions on /etc/ssh/sshd_config so run chmod 0644 /etc/ssh/sshd_config

Oh, alright, thanks!

Okay so still an issue. Same debug message:

Mar 16 16:44:51 snarf sshd[18703]: debug1: Forked child 18718.
Mar 16 16:44:51 snarf sshd[18718]: Set /proc/self/oom_adj to 0
Mar 16 16:44:51 snarf sshd[18718]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Mar 16 16:44:51 snarf sshd[18718]: debug1: inetd sockets after dupping: 3, 3
Mar 16 16:44:51 snarf sshd[18718]: Connection from 98.217.6.30 port 53392
Mar 16 16:44:51 snarf sshd[18718]: debug1: Client protocol version 2.0; client software version PuTTY_Local:_Nov_21_2010_15:53:55
Mar 16 16:44:51 snarf sshd[18718]: debug1: no match: PuTTY_Local:_Nov_21_2010_15:53:55
Mar 16 16:44:51 snarf sshd[18718]: debug1: Enabling compatibility mode for protocol 2.0
Mar 16 16:44:51 snarf sshd[18718]: debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5
Mar 16 16:44:51 snarf sshd[18718]: debug1: user <userhere>matched group list filetransfer at line 89
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: initializing for "<userhere>"
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: setting PAM_RHOST to "<hostname here="">"
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: setting PAM_TTY to "ssh"
Mar 16 16:44:51 snarf sshd[18718]: Failed none for <userhere>from 98.217.6.30 port 53392 ssh2
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: password authentication accepted for <userhere>Mar 16 16:44:51 snarf sshd[18718]: debug1: do_pam_account: called
Mar 16 16:44:51 snarf sshd[18718]: Accepted password for <userhere>from 98.217.6.30 port 53392 ssh2
Mar 16 16:44:51 snarf sshd[18718]: debug1: monitor_child_preauth: <userhere>has been authenticated by privileged process
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: establishing credentials
Mar 16 16:44:51 snarf sshd[18718]: pam_unix(sshd:session): session opened for user <userhere>by (uid=0)
Mar 16 16:44:51 snarf sshd[18718]: User child is on pid 18730
Mar 16 16:44:51 snarf sshd[18730]: debug1: SELinux support disabled
Mar 16 16:44:51 snarf sshd[18730]: debug1: PAM: establishing credentials
Mar 16 16:44:51 snarf sshd[18730]: fatal: bad ownership or modes for chroot directory component "/home/"
Mar 16 16:44:51 snarf sshd[18730]: debug1: do_cleanup
Mar 16 16:44:51 snarf sshd[18718]: debug1: do_cleanup
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: cleanup
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: closing session
Mar 16 16:44:51 snarf sshd[18718]: pam_unix(sshd:session): session closed for user <userhere>Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: deleting credentials</userhere></userhere></userhere></userhere></userhere></userhere></hostname></userhere></userhere> 

Sounds like this bit is wrong

Match group filetransfer
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

Either that or your user's home directory is set to /home/ instead of /home/ What's the content of your /etc/ssh/sshd_config file?

I had

Match group filetransfer 
    ChrootDirectory /home/%u
    X11Forwarding no 
    AllowTcpForwarding no 
    ForceCommand internal-sftp

or something like that.

I changed it back to what you have, but still no changes. Still same debug error.

I also just re-set the home directory and no changes were made.

did you run service ssh restart after changing sshd_config?

What does ls -lhd /home output.

Yes.

And:

drwxrwxrwx 6 root root 4.0K Mar 10 15:43 /home

That fixed it :)

Thank you very much!!

!!!!

Try "chmod 755 /home" … you've got it set world-writable, which will (correctly) freak sshd out.

Hi,

I am facing the same issue and try everything but still not success.

Please if someone can help me as I am just one week old in Centos 7/Linux and may need some detailed help.

Thanks you

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct