ubuntu 20.04 - ChrootDirectory in sshd_config wont work with tokens %h or %u

azraelAT

10/2/23, 10:08 AM

I am trying to lock users into their home directory using a dedicated group in the sshd_config. The section of my group looks as follows

Match Group sftponly
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Using %h or even /home/%u wont work when I try to connect with any user. I checked all permissions on their home directories and everything looks ok.

Interestingly, when I provide ChrootDirectory with a static path, everything works fine.

E.g the following config lets users connect (but in the wrong directory)

Match Group sftponly
ChrootDirectory /home/
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

man sshd_config says that I am using the %h token correctly:

ChrootDirectory accepts the tokens %%, %h, %U, and %u.

Appreciate any hint since I spent hour on it already

0 + 0

ubuntu

ssh

chroot

sftp

Score:0

Server

Flo

10/2/23, 1:41 PM

As answered here here leading to here the ChrootDirectory has to be owned by root and can't be any group-write access.

As the home dirs of the specific user is by default owned by that user, your config is not working.

So either chown the home directory to root and create a folder in it where the user has the right to read/write or use a different ChrootDirectory.

0 + 0

azraelAT

10/2/23, 1:48 PM

thank you! I didnt stumble across those two pages while searching for a solution. It works fine now

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: ubuntu 20.04 - ChrootDirectory in sshd_config wont work with tokens %h or %u

TH: ubuntu 20.04 - ChrootDirectory ใน sshd_config จะไม่ทำงานกับโทเค็น %h หรือ %u

RO: ubuntu 20.04 - ChrootDirectory în sshd_config nu va funcționa cu token-urile %h sau %u

RU: Ubuntu 20.04 — ChrootDirectory в sshd_config не будет работать с токенами %h или %u

VI: Ubuntu 20.04 - ChrootDirectory trong sshd_config sẽ không hoạt động với mã thông báo %h hoặc %u

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.