Score:0

Allowing both SFTP and SSH with chrooted directory

I am attempting to set up a user with SFTP access and limited SSH access. Therefore, I've chrooted the user and then set it up basically exactly as specified in this tutorial. However, while I can ssh into the server successfully, when I attempt to connect via an SFTP connection, it simply says Connection Failed.

Research and attempted fixes

I have attempted searching for anything that can explain how to do this; however, I could only find this topic, which did not have any answers. In addition, there were no articles online that I could find that showed how this could be done.

I also tried copying the entire /bin and entire /lib folder into the chrooted directory in order to ensure that there weren't any missing commands that may be causing it to fail. Looking at /var/log/auth.log yielded no results, as the only log entry was that the connection was closed by the user, including when I set LogLevel Debug2 in /etc/ssh/sshd_config. Attempting to connect using an SCP connection in WinSCP allows me to see the files; however, I can't copy anything to my local drive or vice versa.

SSHD Config File (relevant section):

Match User test_user
    ChrootDirectory /home/test_user
Score:0

Eventually I found the jailkit tool, which is designed to automate the jailing of users, rather than doing it manually, which I originally was attempting to do.

To set up the chrooted directory, I used the following steps:

Installation (on Ubuntu)

Installation from source can be found here

sudo apt install jailkit

Directory Setup

A list of various packages to allow access to can be found at /etc/jailkit/jk_init.ini. I also installed git this way after I had set it up.

sudo chown root:root /srv/test_user
sudo jk_init -v /srv/test_user netutils basicshell jk_lsh openvpn ssh sftp

General format below

sudo chown root:root <chroot_directory>
sudo jk_init -v <chroot_directory> <packages>

Jailing the user

sudo jk_jailuser -m -j /srv/test_user test_user

Changing shell

Finally, the shell specified in <chroot_directory>/etc/passwd should be changed from /usr/sbin/jk_lsh to /bin/bash. Note there should only be the entries for test_user, root and possibly one other login.

From there, you can log in via ssh or sftp/scp and access everything as expected. Note that to log in via public key, you will need to set up the ~/.ssh/authorized_keys file.
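
An added audit script, not part of the original answer or of jailkit, for a jail like the one built above: it applies the sshd_config(5) rule for ChrootDirectory (every path component root-owned and not group/other writable, which is what the chown step is for) and checks the jail's own etc/passwd as described under "Changing shell". The function names, the entry limit variable and the sample jail builder are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a chroot jail. Usage: ./audit_jail.sh /srv/test_user test_user
JAIL_MAX_ENTRIES=3   # test_user, root and possibly one other login

# sshd_config(5), ChrootDirectory: all components of the pathname must be
# root-owned directories that are not writable by any other user or group.
check_chroot_path() {
    dir=$(realpath -e -- "$1" 2>/dev/null) || { echo "missing: $1"; return 2; }
    rc=0
    while :; do
        uid=$(stat -c '%u' -- "$dir")
        mode=$(stat -c '%a' -- "$dir")          # octal permissions, e.g. 755
        [ -d "$dir" ] || { echo "not a directory: $dir"; rc=1; }
        [ "$uid" -eq 0 ] || { echo "not root-owned: $dir (uid $uid)"; rc=1; }
        [ $(( 0$mode & 022 )) -eq 0 ] || { echo "group/other writable: $dir ($mode)"; rc=1; }
        [ "$dir" = / ] && break
        dir=$(dirname -- "$dir")
    done
    return $rc
}

# The jail's own etc/passwd: the user must be listed, the login shell must be an
# executable file inside the jail, and only a few accounts should be present.
check_jail_passwd() {
    jail=$1 user=$2 pw=$1/etc/passwd rc=0
    [ -r "$pw" ] || { echo "unreadable: $pw"; return 2; }
    shell=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' "$pw")
    if [ -z "$shell" ]; then
        echo "no entry (or empty shell) for $user in $pw"; rc=1
    elif ! { [ -f "$jail$shell" ] && [ -x "$jail$shell" ]; }; then
        echo "shell $shell is missing or not executable inside $jail"; rc=1
    fi
    n=$(awk 'NF { n++ } END { print n + 0 }' "$pw")
    [ "$n" -le "$JAIL_MAX_ENTRIES" ] || { echo "$n entries in $pw"; rc=1; }
    return $rc
}

# Constructed sample jail for trying the checks offline; $1 is the user's shell.
make_sample_jail() {
    d=$(mktemp -d) && mkdir -p "$d/etc" "$d/bin"
    printf 'root:x:0:0:root:/root:/bin/bash\ntest_user:x:1001:1001::/home/test_user:%s\n' "$1" > "$d/etc/passwd"
    : > "$d/bin/bash" && chmod 755 "$d/bin/bash"
    echo "$d"
}

if [ $# -eq 2 ]; then
    check_chroot_path "$1"; check_jail_passwd "$1" "$2"
fi
```

Both functions print one line per finding and return non-zero if anything was found, so they can gate a provisioning script.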
