brando56894
Wizard
- Joined
- Feb 15, 2014
- Messages
- 1,537
Hey Guys,
I'm trying to setup a jailed SFTP user in one of the jails on my NAS and some very strange things are happening. I have /etc/ssh/sshd_config setup for matchuser and it works inside my network (from FreeBSD OS to FreeBSD Jail, ssh rejects the connection but sftp works as expected) but from outside my network it prompts me for the password and even when I enter it correctly it asks me for it again, eventually reaching my max login attempts then it closes the connection. I am 100% sure that the external IP is routed to the jail that I have created the jailed user in so I have no idea why it's not working and nothing is showing up in /var/log/auth.log when I attempt the external connection, info is there when I use the internal connection though. To make it even more odd, my normal user (bran) works perfectly from inside and outside of my network.
/etc/ssh/sshd_config
I'm trying to setup a jailed SFTP user in one of the jails on my NAS and some very strange things are happening. I have /etc/ssh/sshd_config setup for matchuser and it works inside my network (from FreeBSD OS to FreeBSD Jail, ssh rejects the connection but sftp works as expected) but from outside my network it prompts me for the password and even when I enter it correctly it asks me for it again, eventually reaching my max login attempts then it closes the connection. I am 100% sure that the external IP is routed to the jail that I have created the jailed user in so I have no idea why it's not working and nothing is showing up in /var/log/auth.log when I attempt the external connection, info is there when I use the internal connection though. To make it even more odd, my normal user (bran) works perfectly from inside and outside of my network.
/etc/ssh/sshd_config
Code:
# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ # $FreeBSD: releng/9.3/crypto/openssh/sshd_config 264693 2014-04-20 13:12:32Z des $ LogLevel INFO # Authentication: LoginGraceTime 2m PermitRootLogin no MaxAuthTries 3 MaxSessions 10 PrintMotd no TCPKeepAlive yes # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server Match User blackbeard ChrootDirectory /sshjail ForceCommand internal-sftp X11Forwarding no AllowTcpForwarding no PermitTunnel no
Code:
[bran@UsenetApps /home]$ ls -l /|grep ssh drwxr-xr-x 2 root wheel 3 Dec 16 11:27 sshjail [bran@UsenetApps /home]$ id blackbeard uid=1003(blackbeard) gid=1003(blackbeard) groups=1003(blackbeard)
Code:
[root@freenas] ~# sftp blackbeard@usenet Password for blackbeard@UsenetApps.brandongolway.us: Connected to usenet. sftp> dir test sftp>
Code:
[bran@UsenetApps /home]$ ls /sshjail/ test
Code:
[bgolway@frichardslinux ~]$ sftp -P3000 blackbeard@myhost.us blackbeard@myhost.us's password: Permission denied, please try again. blackbeard@myhost.us's password: Permission denied, please try again. blackbeard@myhost.us's password: Permission denied (publickey,password). Couldn't read packet: Connection reset by peer
