Morning all,
I'm wanting to set up SFTP in a chroot, which is simple enough to do and I already have it working; however I also want it so that when they connect via SFTP it goes directly to their home directory. Currently I have the following in "/etc/ssh/sshd_config":
Subsystem sftp internal-sftp
Match Group sftp-users
    ChrootDirectory /home
    AllowTCPForwarding no
    ForceCommand internal-sftp
Which works perfectly fine, however when they connect they are shown the contents of the "/home" directory which they then have to "cd username" to get to their home directory. This I do not like, and it confuses our clients who connect saying they can see "random folders that aren't mine", or some that think they've "hacked" the server.
I really need it so upon connection they go to "username" directory. I can do this by using:
usermod -d /username username
Which changes the user's home directory to "/username", and then upon connection it works just fine, they are taken directly to their home directory. However, I really really do not like the fact that "/etc/passwd" shows a different home directory to their real home directory, i.e. it states "/username" when actually it is "/home/username".
I've spent the entire day looking at different ways of doing it, and I can't come up with anything.
Any help?
Offline
It might seem obvious, but did you try something like 'ChrootDirectory %h' or something like that?
Offline
I think I have the same problem. I think it is because of your user's home directory and your chroot. When you chroot you can no longer redirect people to their home directories because they are outside the chroot (to a program running inside the chroot)... clearly I'm bad at explaining stuff so I'll try an example:
home dir = /home/bob
chroot = /home
When the user gets chrooted (into /home) the /home becomes /
Then ssh tries to send them to their home in /home/bob (or to the un-chrooted /home/home/bob). This file doesn't exist so it leaves them in / (/home to the un-chrooted).
Unfortunately, I have not found a way to have my cake and eat it too. If you change their home dir you will mess up the local but fix the sftp, if you leave the local you will still have the messed up sftp.
If they are not logging on locally this isn't a problem. Just change their home in /etc/passwd to /$user. NOTE: you will not be able to change the home dirs through the normal user account modifying tools because they won't let you change it to a non-existent dir.
Hope this makes sense! (and helps)
Last edited by threetwoone (2010-08-16 19:28:05)
Offline
Add this to ~/.bashrc
if [[ $SSH_TTY ]]; then
    # Strip the leading /home so HOME matches the path inside the chroot
    HOME=${HOME#/home}
    cd "$HOME"
fi
Offline
Wow I can't believe I didn't think of that. That's a really easy fix.
Offline
Alternately, you could modify the MatchGroup with:
ChrootDirectory %h
Offline
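The three setups discussed in this thread (ChrootDirectory /home, the usermod -d change, and ChrootDirectory %h), as an added example that is not part of any post above. It is a simplified model of the "chroot, then chdir to the passwd home" sequence described earlier, run against a constructed temporary directory tree; the function names and the sample users are assumptions made for illustration.

```python
import os
import tempfile

def expand_tokens(directive, user, home):
    """Expand the %h and %u tokens that ChrootDirectory accepts."""
    return directive.replace("%h", home).replace("%u", user)

def sftp_landing(fs_root, chroot_directive, user, home):
    """Simplified model: chroot, then chdir to the passwd home inside it.

    Returns (cwd as the client sees it, entries the client sees there).
    fs_root is a scratch directory standing in for the real "/".
    """
    chroot = expand_tokens(chroot_directive, user, home)
    real_chroot = os.path.join(fs_root, chroot.lstrip("/"))
    # Inside the chroot the passwd home is resolved against the new root.
    real_home = os.path.join(real_chroot, home.lstrip("/"))
    if os.path.isdir(real_home):
        cwd, real_cwd = home, real_home
    else:
        # chdir fails, so the session stays at the root of the chroot.
        cwd, real_cwd = "/", real_chroot
    return cwd, sorted(os.listdir(real_cwd))

def build_demo_tree():
    """Constructed sample tree: /home/alice and /home/bob, one file each."""
    fs_root = tempfile.mkdtemp(prefix="chroot-demo-")
    for user in ("alice", "bob"):
        os.makedirs(os.path.join(fs_root, "home", user))
        open(os.path.join(fs_root, "home", user, user + ".txt"), "w").close()
    return fs_root

if __name__ == "__main__":
    root = build_demo_tree()
    cases = [
        ("/home", "/home/bob"),  # original config: lands in shared /home
        ("/home", "/bob"),       # after usermod -d /bob bob
        ("%h", "/home/bob"),     # ChrootDirectory %h
    ]
    for directive, home in cases:
        print(directive, home, sftp_landing(root, directive, "bob", home))
```

For the %h case, sshd_config(5) also requires every component of the chroot path to be root-owned and not writable by any other user or group, so uploads need a user-writable subdirectory inside the home directory.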