Score:0

SFTP server gives connection error after reinstating deleted directories

Some time ago I set up an SFTP server which worked happily. I have a configuration like this in my ssh_config:

# override default of no subsystems
#Subsystem      sftp    /usr/lib/openssh/sftp-server
Subsystem       sftp    internal-sftp

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

Match User miscout
  # Force the connection to use SFTP and chroot to the required directory.
  ForceCommand internal-sftp
  ChrootDirectory %h
  # Disable tunneling, authentication agent, TCP and X11 forwarding.
  PermitTunnel no
  AllowAgentForwarding no
  AllowTcpForwarding no
  X11Forwarding no


Match Group sftp_users
  ChrootDirectory /mnt/reos-storage-1/sftp_data/%u
  ForceCommand internal-sftp
  # Disable tunneling, authentication agent, TCP and X11 forwarding.
  PermitTunnel no
  AllowAgentForwarding no
  AllowTcpForwarding no
  X11Forwarding no

There is a user group sftp_users and a user named sftpuser1.

Today, for some fun, I decided to accidentally delete the directory /mnt/reos-storage-1/sftp_data. I subsequently recreated the directory, and sub-directories, but now I cannot connect to the sftp server. I get an error like this:

$ sftp sftpuser1@<redacted>
sftpuser1@<redacted>'s password: 
packet_write_wait: Connection to 192.41.113.249 port 22: Broken pipe
Connection closed

I can ssh into the machine as other users.

My guess is that I have the wrong permissions on this directory somehow, because it is the only thing I have changed. Currently permissions and ownership look like this:

[root] /mnt/reos-storage-1 $ ls -l sftp_data/
total 4
drwxrwx--x 3 root root 4096 Jun 23 13:22 sftpuser1
[root] /mnt/reos-storage-1 $ ls -l sftp_data/sftpuser1/
total 4
drwxrwx--x 3 sftpuser1 sftp_users 4096 Jun 23 13:23 upload
[root] /mnt/reos-storage-1 $ ls -l sftp_data/sftpuser1/upload/
total 864
drwxrwx--x 2 sftpuser1 sftp_users 884736 Jun 23 16:06 MiScout

Can anyone tell me what I have done wrong?

Score:0
My answer was in the comments to an answer in this question.

The permissions on all parts of the Chroot directory need to be root.root.755. So in my case, this was the sftp_data and sftpuser1 directories.
