Unable to sftp login with chrooted user - Ubuntu 10.04

I am trying to share a WordPress directory for an unknown developer who can upload files and edit things, so I decided to make a user account for him with sftp access, but ran into problems.

I created the user with "adduser testuser --home /srv/www/mysite.com/public_html/wordpress", as obviously I want his home dir to be only in my WordPress installation dir.

Afterwards I edited sshd_config in /etc/ssh and added

"Match user testuser
ChrootDirectory /srv/www/mysite.com/public_html/wordpress
ForceCommand /usr/lib/openssh/sftp-server"

And after restarting ssh to load the config changes, I try to log in with an sftp client and just get disconnected after logon

auth.log from /var/log shows this

"fatal: bad ownership or modes for chroot directory component "/ srv/""

after being disconnected

4 Replies

The directory above the chrooted directory needs to be owned by root.

Still problems

I have set ownership to root with

"chown root /srv/www/mysite.com/public_html/wordpress"

as well as

"chown root /srv/www/mysite.com/public_html"

And I still get from auth.log "bad ownership or modes for chroot directory component "/srv/www/mysite.com/public_html/""

Surprisingly it doesn't throw "bad ownership or modes for chroot directory component "/ srv/"" as before though

OK, some more updates on the problems, if hopefully someone cares.

After logging on to sftp via shell I was getting "Write failed: Broken pipe
Couldn't read packet: Connection reset by peer"

So being desperate I decided to google some more…

I tried the method suggested here - http://jayeshjayan.com/chrooted-sftp-fatal-bad-ownership-or-modes-for-chroot-directory-component/

And basically what I did is

chmod 755 /srv/www/mysite.com/public_html/wordpress

chown root:root /srv/www/mysite.com/public_html/wordpress

And doing the same for every directory above, all the way from /srv/www/mysite.com/public_html/wordpress to /srv

Now I don't get Broken pipe after trying to log in via sftp, but this (after using sftp verbose output)

debug1: Authentication succeeded (password).
debug2: fd 4 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug2: fd 3 setting TCP_NODELAY
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 100 id 0
subsystem request failed on channel 0
Couldn't read packet: Connection reset by peer

And finally…

The last thing I had to fix was changing sshd_config to replace

"Subsystem sftp /usr/lib/sftp-server" and "ForceCommand /usr/lib/sftp-server"

to

"Subsystem sftp internal-sftp" and "ForceCommand internal-sftp"

After hours of pain with this I am finally on top of the mountain; hopefully it helps someone else who might have a similar issue.
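Added example, not part of the original thread: a Python audit of the rule from sshd_config(5) behind the "bad ownership or modes" error, namely that every component of the ChrootDirectory path must be a root-owned directory not writable by group or others. sshd stops at the first failing component, while this script lists all of them; the function names, the sample permissions and uid 1001 are constructed for illustration.

```python
import os
import stat
import sys
from types import SimpleNamespace

def path_components(chroot_dir):
    """Yield "/", "/srv", "/srv/www", ... from the top of the path down."""
    if not chroot_dir.startswith("/"):
        raise ValueError("ChrootDirectory must be an absolute path")
    current = "/"
    yield current
    for part in chroot_dir.strip("/").split("/"):
        if part:
            current = os.path.join(current, part)
            yield current

def component_problem(st):
    """Return why one path component is unacceptable, or None if it is fine."""
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    if st.st_uid != 0:
        return "owned by uid %d, not root" % st.st_uid
    if st.st_mode & 0o022:  # group-write or other-write bit set
        return "writable by group or others (mode %o)" % stat.S_IMODE(st.st_mode)
    return None

def audit_chroot(chroot_dir, stat_fn=os.stat):
    """Return [(component, problem)] for every failing component, top down."""
    findings = []
    for comp in path_components(chroot_dir):
        problem = component_problem(stat_fn(comp))
        if problem:
            findings.append((comp, problem))
    return findings

# Constructed sample: owner fixed with chown, but public_html is still 0775
# and the chroot directory itself belongs to the sftp user (uid 1001).
SAMPLE = {
    "/": (0, 0o755), "/srv": (0, 0o755), "/srv/www": (0, 0o755),
    "/srv/www/mysite.com": (0, 0o755),
    "/srv/www/mysite.com/public_html": (0, 0o775),
    "/srv/www/mysite.com/public_html/wordpress": (1001, 0o755),
}

def sample_stat(path):
    uid, mode = SAMPLE[path]
    return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)

if __name__ == "__main__":
    # With a path argument, audit the real filesystem; otherwise use the sample.
    if len(sys.argv) > 1:
        results = audit_chroot(sys.argv[1])
    else:
        results = audit_chroot("/srv/www/mysite.com/public_html/wordpress", sample_stat)
    for comp, problem in results:
        print("%s: %s" % (comp, problem))
```

Run with the ChrootDirectory path as the only argument to audit the real filesystem; an empty result means every component passes the ownership and mode rule.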
