Chrooting Command Line SFTP Users

[mskenderian]

I followed all the steps in http://doc.freenas.org/index.php/SSH#Chrooting_Command_Line_SFTP_Users

now i get this error message:
sshd[53961]: fatal: bad ownership or modes for chroot directory component "/mnt/"

and i cant log in via the "test" user. if i take out:

Code:

Match Group sftp
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no

from the Services->SSH>Settings->Extra Options, i am able to log in again but it still doesnt restrict the user from browsing other directories.

Any Idea whats going on?

 

[William Grzybowski]

Login how? And have you configured the user home correctly? What is it?

You should know it does not work for SSH, just SFTP, which are quite different.

 

[mskenderian]

Yes the user is loging in via SFTP. in FreeNAS i put the users shell to nologin. Home Directories are /mnt/Data/Users/{username}/

the user is able to log in fine and it puts them into there home directory, but once i put the code above in the ssh extra options. then we have issues. we get the error listed above. and when the user does login it takes them to the root directory not home.

 

[William Grzybowski]

Looks like you have to chmod 755 /mnt.
It seems a known issue, reported in bug reporting section

 

[mskenderian]

.mnt is chmod 775

 

[William Grzybowski]

Yeah, I said 755, not 775