Help with Openssh V5 - SFTP Chroot issue
All, since I have had no luck with RSSH on Solaris 10, I
went ahead and built OpenSSH_5.0p1, OpenSSL 0.9.7d 17 Mar 2004 (+
security patches to 2006-09-29), however, after making the necessary
recommendation to get it to work or shall I say accept a "sftp connection"
I still cannot "put" files. Here is what is interesting:
My jailed directory is /sftp and it must be owned by root:root with
The user must be marked as /bin/false in the /etc/passwd
My jailed user directory specified in the sshd_config as shown below is
/sftp/username, in my case citicorr, also note the group name citicorr
in the cp of the sshd_config below. Here's the catch: you must change
the sftp user account to also be owned by root:root. So, even though I
can connect via sftp as user citicorr who is in a group citicorr, the
user cannot put since the dir is owned by root:root. If I change
ownership of the /sftp/citicorr directory to citicorr:root or
citicorr:citicorr the user cannot even connect and it displays an error
in /var/adm/messages:
Jul 9 22:28:16 mdsuawa0p sshd: [ID 800047 auth.crit] fatal: bad ownership or modes for chroot directory "/sftp/citicorr"
ANY HELP WOULD BE APPRECIATED!!!!
Password File Entry -
Group File Entry citicorr::303:
Subsystem sftp internal-sftp
Jail Dir - drwxr-xr-x 5 root root 512 Jul 9 23:13 sftp
SFTP Home dir - /sftp/citicorr drwxr-xr-x 2 root citicorr 512 Jul 9 22:18 citicorr
Match group citicorr
[@msuals01]$ sftp -o port=1022 citicorr@mdsuawa0p
Connecting to mdsuawa0p...
Warning: Permanently added 'mdsuawa0p,172.25.17.197' (RSA) to the list of known hosts.
Remote working directory: /
sftp> put roland
Uploading roland to /roland
Couldn't get handle: Permission denied
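
The two failures described in the post above, as an added example that is not part of the original post: sshd accepts a chroot path only when every component is a root-owned directory that is not writable by group or others, and that same condition leaves the sftp user unable to write there. The uid 1001, the mode of / and the helper names are constructed for illustration; gid 303 and the other modes come from the post.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the constructed tree below needs no root.
St = namedtuple("St", "st_uid st_gid st_mode")
CITI_UID, CITI_GID = 1001, 303  # uid is constructed; gid 303 is from the post

def chroot_problems(path, stat_fn=os.stat):
    """Check every component of an absolute chroot path against sshd's rule:
    a directory, owned by uid 0, not writable by group or others."""
    problems, current = [], "/"
    for part in [""] + [p for p in path.split("/") if p]:
        current = os.path.join(current, part)
        st = stat_fn(current)
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{current}: not a directory")
        elif st.st_uid != 0 or st.st_mode & 0o022:
            problems.append(f"{current}: bad ownership or modes")
    return problems

def can_write(st, uid, gids):
    """Simplified Unix check: may uid create a file in directory st?"""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def sample_tree(home_owner):
    """Constructed copy of the post's layout; only the home owner varies."""
    d = stat.S_IFDIR
    return {
        "/": St(0, 0, d | 0o755),
        "/sftp": St(0, 0, d | 0o755),
        "/sftp/citicorr": St(home_owner, CITI_GID, d | 0o755),
    }.__getitem__

def diagnose(home_owner):
    stat_fn = sample_tree(home_owner)
    problems = chroot_problems("/sftp/citicorr", stat_fn)
    writable = can_write(stat_fn("/sftp/citicorr"), CITI_UID, {CITI_GID})
    return problems, writable

if __name__ == "__main__":
    print(diagnose(0))         # root-owned home: chroot accepted, put denied
    print(diagnose(CITI_UID))  # user-owned home: sshd refuses the chroot
```

Under this rule the chroot directory itself can never be the upload target for a non-root user; a subdirectory below it that the user owns is the usual place for writes.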