Chroot for SFTP in FN11?

Status
Not open for further replies.

ChrisNAS

Explorer
Joined
Apr 14, 2017
Messages
71
Hi there.

I am trying to get to a point where I have a user be able to SFTP to a specific dataset in my FN 11 box. I've got the user, group, sshd_conf extras, and can connect. However, logged in with that user, I can navigate up out of the user's home directory. When I first connect, I'm in the user home directory, but I can go up all the way to the root of the system.

I've been going through whatever I could find. Problem seems to be that most of the info applies to older versions of FN. Not seeing more recent stuff. What I did find I followed and ultimately got to having everything set up, just not limited as I need it.

This is pretty much what I did though found this after: https://forums.freenas.org/index.php?threads/problems-about-sftp.37028/

In the last couple screenshots in that thread, the directory "/" looks to actually be the user directory and not "/" of the system. For me, as I wrote above, upon connection I'm in the user home, but I can navigate up.

So, is this not possible in FreeNAS-11.0-U1?

Any help/tips much appreciated.

Thank you
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
If you want to keep people in their tiny part of the filesystem, jails are the safest way.
 

ChrisNAS

Explorer
Joined
Apr 14, 2017
Messages
71
Thanks for the replies. I'll be using this user account for an external server to backup to this dataset.

I suppose I could mount the dataset inside my standard bsd jail... and if it's the only way, so be it. It just kind of throws a mess at what I'd imagine be a fairly simple need and I'm wondering why that is necessary.

Would you mind sharing some info about setup?

And just so I know... is it not possible to achieve without the jail?
 

ChrisNAS

Explorer
Joined
Apr 14, 2017
Messages
71
Still wondering if anyone knows how to set this up without jail. Anyone? Please...
 

RobbieL811

Cadet
Joined
Aug 26, 2017
Messages
4
What's up guys? Do any of you not have problems with maxing out your link speed on WAN sftp transfers to your jails? I am having serious issues with this that I can't seem to get ironed out. I guess I should really start a new thread about this. I was just wondering if any of you have any issues like this? I have a 150 Mbps down connection to my home, yet when I try to SFTP, rsync, or scp ANYTHING to my jail, I am only able to reach max speeds of around 2-3 Megabytes per second. Don't seem to have the same issues on a linux box. Local transfers seem to be ok. Only WAN. And no, I'm not using outdated hardware or stressing the CPU too much. My CPUs should be able to handle any SSH ciphers that are used I would think. Anyways, if one of you can shed a little light on this, please do help me. This is crucial to my setup.
 

ChrisNAS

Explorer
Joined
Apr 14, 2017
Messages
71
> What's up guys? Do any of you not have problems with maxing out your link speed on WAN sftp transfers to your jails? I am having serious issues with this that I can't seem to get ironed out. I guess I should really start a new thread about this. I was just wondering if any of you have any issues like this? I have a 150 Mbps down connection to my home, yet when I try to SFTP, rsync, or scp ANYTHING to my jail, I am only able to reach max speeds of around 2-3 Megabytes per second. Don't seem to have the same issues on a linux box. Local transfers seem to be ok. Only WAN. And no, I'm not using outdated hardware or stressing the CPU too much. My CPUs should be able to handle any SSH ciphers that are used I would think. Anyways, if one of you can shed a little light on this, please do help me. This is crucial to my setup.

I also had some speed issues, but after new hardware (network untouched) transfer speeds have been great. I did an rsync from a vps to local and reached 6mb transfers if I recall correctly. In any case, they were fast. You also have to think that even if your network can download at X speed, the remote server/network may be throttling the download speeds or you could just be hitting their max.
 

RobbieL811

Cadet
Joined
Aug 26, 2017
Messages
4
> I also had some speed issues, but after new hardware (network untouched) transfer speeds have been great. I did an rsync from a vps to local and reached 6mb transfers if I recall correctly. In any case, they were fast. You also have to think that even if your network can download at X speed, the remote server/network may be throttling the download speeds or you could just be hitting their max.

I don't think these things are my issue though. Truthfully idk what the hell is going on lol. I've bought 3 different NICs because of this. That didn't solve the issue. I upgraded my CPUs to dual Xeon 5690s, and they didn't solve the issue. Made all new CAT6 cables. I seem to get great FTP speed. Downloading from gigabit links. NAS is on a 200Mbps/25Mbps line, and I'm getting 2 Megabyte/sec downloads. Install a Debian-based distro (Ubuntu 16.04) and SFTP speeds jump to 22-24 megabytes/sec. Very frustrating. All local SFTP transfers run at 110 or so megabytes/sec. Sorry for lack of description. I'm on mobile.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
> What's up guys? Do any of you not have problems with maxing out your link speed on WAN sftp transfers to your jails? I am having serious issues with this that I can't seem to get ironed out. I guess I should really start a new thread about this. I was just wondering if any of you have any issues like this? I have a 150 Mbps down connection to my home, yet when I try to SFTP, rsync, or scp ANYTHING to my jail, I am only able to reach max speeds of around 2-3 Megabytes per second. Don't seem to have the same issues on a linux box. Local transfers seem to be ok. Only WAN. And no, I'm not using outdated hardware or stressing the CPU too much. My CPUs should be able to handle any SSH ciphers that are used I would think. Anyways, if one of you can shed a little light on this, please do help me. This is crucial to my setup.

That really has nothing to do with this thread. You should open your own thread and include the information that the forum rules ask you to include.
 

RobbieL811

Cadet
Joined
Aug 26, 2017
Messages
4
> That really has nothing to do with this thread. You should open your own thread and include the information that the forum rules ask you to include.

Yeah. I know. Sorry about that. I'll open up a new thread this evening. Again, sorry.
 

JoshDW19

Community Hall of Fame
Joined
May 16, 2016
Messages
1,077
> That really has nothing to do with this thread. You should open your own thread and include the information that the forum rules ask you to include.

Hey Eric I think we have the capability to split these off into threads on our own. Feel free to split it off if you feel like it's off topic! :)
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
I know, I've done it a few times.

In this case, I felt that a new thread was the better option, since there's information missing anyway.

> Yeah. I know. Sorry about that. I'll open up a new thread this evening. Again, sorry.

No need to apologize, it's simply in your interest to attract people to your problem.
 

cchr82

Dabbler
Joined
Dec 6, 2017
Messages
18
> Still wondering if anyone knows how to set this up without jail. Anyone? Please...

Not sure if you ever solved this, but I was able to set up the chroot without the need for a jail following the instructions in the link you sent out. I made one minor change in the ChrootDirectory though. I just pointed it to the parent folder for all users (i.e. /mnt/vol02/mozzie) in that case.
 

cchr82

Dabbler
Joined
Dec 6, 2017
Messages
18
> @ChrisNAS:
> In the manual is said: "some utilities such as WinSCP can bypass the chroot". Did/does your change also solve this?

I never tried winscp, I just tried it mainly via terminal, and I think on mobaxterm and cyberduck. Did winscp get around it on your end?
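
Added example (not part of the thread): a shell check for the two things that decide whether an SFTP chroot holds, namely whether `sshd -T` reports a ChrootDirectory for the account at all, and whether every component of that path passes sshd's ownership and mode test. The function names and sample output are constructed for this example, and it assumes an SFTP-only setup that uses `ForceCommand internal-sftp`.

```sh
#!/bin/sh
# Added example, not from the thread. On the server, as root:
#   dir=$(sshd -T -C user=NAME,host=HOST,addr=ADDR | effective_chroot) \
#       && chroot_path_ok "$dir"
# NAME, HOST and ADDR are placeholders for the SFTP account and its client.

# Read `sshd -T` output on stdin and print the chroot sshd would apply.
# Fails when none is in effect (the "can navigate up to /" symptom).
effective_chroot() {
    set -- $(awk '$1 == "chrootdirectory" { d = $2 }
                  $1 == "forcecommand"    { c = $2 }
                  END { if (d == "") d = "none"; if (c == "") c = "none"; print d, c }')
    [ "$1" != "none" ] || { echo "no ChrootDirectory in effect" >&2; return 1; }
    [ "$2" = "internal-sftp" ] || { echo "ForceCommand is not internal-sftp" >&2; return 1; }
    echo "$1"
}

# sshd accepts a chroot path component only if it is a directory owned by
# root (uid 0) and not writable by group or others.
component_ok() {   # usage: component_ok DIR [OWNER_UID]
    dir=$1
    want_uid=${2:-0}
    set -- $(ls -ldn "$dir" 2>/dev/null | awk '{ print $1, $3 }')
    [ $# -eq 2 ] || return 1
    [ "$2" = "$want_uid" ] || return 1
    case $1 in
        d????w*|d???????w*) return 1 ;;   # group- or other-writable
        d*) return 0 ;;
        *)  return 1 ;;                   # not a directory
    esac
}

# Walk from the chroot directory up to / and report the first bad component.
chroot_path_ok() {
    p=$1
    case $p in /*) ;; *) echo "not an absolute path: $p" >&2; return 1 ;; esac
    while :; do
        component_ok "$p" || { echo "bad ownership or mode: $p" >&2; return 1; }
        [ "$p" = "/" ] && return 0
        p=$(dirname "$p")
    done
}

# Constructed `sshd -T` excerpt: no Match block applied to this user.
printf 'chrootdirectory none\nforcecommand none\n' | effective_chroot || true
```

If ChrootDirectory uses `%h` or `%u`, `sshd -T` prints the token unexpanded, so substitute the real path before calling `chroot_path_ok`.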
 