Author Topic: SFTP chroot  (Read 6942 times)

SFTP chroot
« on: April 25, 2015, 02:50:35 PM »
By default on my test server and real server, I can walk out of my /home directory and view other people's files when using SFTP (or SSH). So the user is not really chrooted.

I think I remember that this worked first time I tested, but not any more..

What is the best way to correct this? I have found a guide that explains how to do this step by step:

I have changed sshd to this:
Match Group vhosts
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTCPForwarding no
    X11Forwarding no

Filezilla gives this:
Connected to XXX
Error:   Received unexpected end-of-file from SFTP server

Secure log gives this:
Apr 25 16:27:05 myhost1 sshd[35917]: pam_unix(sshd:session): session opened for user mytestuser by (uid=0)
Apr 25 16:27:05 myhost1 sshd[35919]: subsystem request for sftp
Apr 25 16:27:05 myhost1 sshd[35917]: pam_unix(sshd:session): session closed for user mytestuser

I have chown root for home-directory and I have added mytestuser to the group vhosts (a built in group already present would be better).
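
At session start sshd checks that every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, and it ends the session if any component fails. The following is an added example, not part of the original post, that walks a path the same way and lists each failing component; the function name and the /home/mytestuser default path are assumptions.

```python
import os
import stat
import sys


def chroot_path_problems(path, owner_uid=0):
    """Return [(component, reason), ...] for each component of `path` that
    fails the ownership/mode rule sshd applies to ChrootDirectory.
    owner_uid defaults to root (0); it is a parameter only for testing."""
    problems = []
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    component = os.sep
    # Check "/", then "/home", then "/home/user", and so on.
    for part in [""] + parts:
        component = os.path.join(component, part)
        try:
            st = os.stat(component)
        except OSError as exc:
            problems.append((component, "cannot stat: %s" % exc.strerror))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
            break
        if st.st_uid != owner_uid:
            problems.append((component, "owned by uid %d, expected %d"
                             % (st.st_uid, owner_uid)))
        # Mode bits 022: write permission for group or others.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((component, "writable by group or others (mode %o)"
                             % stat.S_IMODE(st.st_mode)))
    return problems


if __name__ == "__main__":
    # Assumed default: the home directory of the test user from the post.
    target = sys.argv[1] if len(sys.argv) > 1 else "/home/mytestuser"
    found = chroot_path_problems(target)
    for comp, reason in found:
        print("%s: %s" % (comp, reason))
    if not found:
        print("%s: every component passes the chroot check" % target)
    sys.exit(1 if found else 0)
```

An empty result means the path itself satisfies the rule; writable upload directories then have to live below the chroot, owned by the user.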

Re: SFTP chroot
« Reply #1 on: May 04, 2015, 10:13:39 PM »
At the moment there is no chrooted environment, so you would need to manually allow SFTP, and by using online tutorials you can limit SFTP.

It would be best to only allow FTP or FTPES/FTPS.

Re: SFTP chroot
« Reply #2 on: June 13, 2016, 11:43:40 PM »
Could this be implemented in a future release?

Re: SFTP chroot
« Reply #3 on: October 17, 2016, 07:36:05 PM »
Sounds like this product is not ready for prime time / production environments!     :-\  :-\  :-\

If you can move out of your folder via FTP (or shell) and cat /etc/passwd - then not ready.

Yes, you CAN make adjustments to prevent this - but not being built in - a major problem.

Also, no CentOS 7 support?