Using this guide, I'm trying to set up SFTP access restricted to a specific folder on my OpenWrt device. I have no problems installing OpenSSH, configuring users etc., but restricting access to a specific folder using the ChrootDirectory option does not work. After setting it, different SFTP clients return different error messages like
can't get real path of "/"
"failed to resolve home directory"
I know that the problem probably lies in the folders' access permissions. However, I've tried many combinations of the permissions (/home/user/ 0755, 0775, …) without success. On the internet, one can easily find many topics from people who have similar problems with OpenSSH and chroot. I've read and tried almost everything I could find, but without any progress whatsoever.
Could someone who really got it working tell the exact steps how he did it?
Pretty decent guide... but the chown/chgrp/chmod parts are all over the place. I'd be surprised if anyone without some background could extrapolate.
Your intended result and current config could use clarification, in order to best facilitate response.
My intended result is a working SFTP server on OpenWRT; users should have access limited to their home directory only. This should be achieved through the
Well, my configuration… At first, I must say that I've been trying different configurations for two days without success. It is complicated to put here everything I have tried. But the simplest configuration which should (and does not) work is:
openssh-sftp-server packages installed, enabled and started; dropbear disabled
client1, home directory
usermod -s /bin/false client1 set
Subsystem sftp internal-sftp
[rest at the end of the file]
Match User client1
chown root:root /home
chown root:root /home/client1
chmod 775 /home
chmod 775 /home/client1
All this with the result depicted in the first topic. Without the ChrootDirectory option it does work, but the user has unlimited access to the whole root directory. I have also tried setting chroot for a group (and assigning users to the group) with exactly the same result.
Many people have trouble with this, as you could easily find using Google.
sftp -vvv -P 22 -F /dev/null -o 'StrictHostKeyChecking no' -o 'UserKnownHostsFile=/dev/null' email@example.com
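Added example (not from any poster in this thread, and not OpenSSH's own code): a POSIX sh check of the rule sshd_config(5) documents for ChrootDirectory, that every component of the path must be a root-owned directory not writable by group or others. The function names and sample lines are constructed for illustration; the 775 sample matches the chmod 775 shown in the configuration above.

```shell
#!/bin/sh
# Added example. Rule from sshd_config(5), ChrootDirectory: every component
# of the path must be a root-owned directory not writable by group or others.

# component_ok MODE UID: 0 if one component passes (hypothetical helper name).
# MODE is the ls-style string (drwxr-xr-x), UID the numeric owner.
component_ok() {
    [ "$2" = "0" ] || return 1      # owner must be root
    case "$1" in
        d????-??-*) return 0 ;;     # directory, group and other write bits clear
        *)          return 1 ;;     # not a directory, or g+w / o+w set
    esac
}

# check_chroot_path DIR: test DIR and each parent up to /, print one line per
# component, return 0 only if all pass.
check_chroot_path() {
    case "$1" in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    dir=$1 rc=0
    while :; do
        set -- $(ls -ldn "$dir" 2>/dev/null)    # $1 = mode, $3 = numeric uid
        if component_ok "$1" "$3"; then
            echo "ok   $1 uid=$3 $dir"
        else
            echo "FAIL ${1:-missing} uid=${3:-?} $dir"; rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Constructed samples: "MODE UID"; 775 is the mode used in the thread.
for sample in "drwxrwxr-x 0" "drwxr-xr-x 0" "drwxr-xr-x 1000"; do
    set -- $sample
    if component_ok "$1" "$2"; then echo "accepted: $sample"
    else echo "rejected: $sample"; fi
done
# On the router: check_chroot_path /home/client1
```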