I have a problem configuring the SFTP chroot jail on Ubuntu on a folder that is stored on a USB.
I have a Toshiba 4 TB external hard disk that is automounted via fstab on the /sftp path.
UUID={UUID} /sftp ext4 auto,defaults,nofail,rw 0 0
I have followed all the necessary steps to configure the SFTP jail:
sudo groupadd sftponly
sudo useradd -g sftponly -s /bin/false -m -d /sftp/backupsftp backupsftp
sudo passwd backupsftp
sudo chown root: /sftp/backupsftp
sudo chmod 755 /sftp/backupsftp
sudo mkdir /sftp/backupsftp/backup
sudo chmod 755 /sftp/backupsftp/backup
sudo chown backupsftp:sftponly /sftp/backupsftp/backup
Then I added the following to the bottom of the /etc/ssh/sshd_config file:
Match Group sftponly
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Match all
And I set the following values (also in the /etc/ssh/sshd_config file):
Subsystem sftp internal-sftp
Port 22
AddressFamily inet
ListenAddress 0.0.0.0
PermitRootLogin no
StrictModes yes
Finally I have restarted the services:
sudo systemctl restart ssh
sudo systemctl restart sshd
When I try to connect with WinSCP I get this error:
Linux syslogs:
Jun 24 14:46:53 bbserver systemd[1]: Created slice User Slice of backupsftp.
Jun 24 14:46:53 bbserver systemd[1]: Starting User Manager for UID 1005...
Jun 24 14:46:53 bbserver systemd[1]: Started Session 1350 of user backupsftp.
Jun 24 14:46:53 bbserver systemd[13303]: gpgconf: running /usr/bin/gpg-agent failed (exitcode=2): General error
Jun 24 14:46:53 bbserver systemd[13303]: gpgconf: fatal error (exit status 1)
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Timers.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG network certificate management daemon.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on REST API socket for snapd user session agent.
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Jun 24 14:46:53 bbserver systemd[13303]: Listening on GnuPG cryptographic agent and passphrase cache.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Sockets.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Paths.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Basic System.
Jun 24 14:46:53 bbserver systemd[13303]: Reached target Default.
Jun 24 14:46:53 bbserver systemd[13303]: Startup finished in 42ms.
Jun 24 14:46:53 bbserver systemd[1]: Started User Manager for UID 1005.
Jun 24 14:46:54 bbserver systemd[1]: Stopping User Manager for UID 1005...
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Default.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Basic System.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Timers.
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Sockets.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent (ssh-agent emulation).
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache.
Jun 24 14:46:54 bbserver systemd[13303]: Closed REST API socket for snapd user session agent.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG network certificate management daemon.
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers).
Jun 24 14:46:54 bbserver systemd[13303]: Closed GnuPG cryptographic agent and passphrase cache (restricted).
Jun 24 14:46:54 bbserver systemd[13303]: Stopped target Paths.
Jun 24 14:46:54 bbserver systemd[13303]: Reached target Shutdown.
Jun 24 14:46:54 bbserver systemd[13303]: Starting Exit the Session...
Jun 24 14:46:54 bbserver systemd[13303]: Received SIGRTMIN+24 from PID 13381 (kill).
Jun 24 14:46:54 bbserver systemd[1]: Stopped User Manager for UID 1005.
Jun 24 14:46:54 bbserver systemd[1]: Removed slice User Slice of backupsftp.
Everything works correctly if the home directory of the created user resides on the main disk and not on the USB.
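
An added example, not part of the original post: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, and with the setup above that includes the /sftp mount point on the external disk, not only /sftp/backupsftp. The script below walks a path up to / and reports each component that breaks that rule; the function names are made up for this example and it assumes GNU stat, as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the sshd_config(5) rule
# "all components must be root-owned directories, not writable by any other
# user or group". Function names are hypothetical; requires GNU stat.

# component_ok UID OCTAL_MODE -> 0 if owner is root and no group/other write bit
component_ok() {
    [ "$1" = 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path /abs/path -> prints one BAD line per offending component,
# exits 0 if the whole chain is acceptable, 1 if not, 2 on bad usage.
check_chroot_path() (
    p=$1
    rc=0
    case $p in
        /*) ;;
        *) echo "need an absolute path" >&2; exit 2 ;;
    esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "BAD $p: not a directory"
            rc=1
        else
            # Unquoted on purpose: split "uid mode" into $1 and $2.
            set -- $(stat -c '%u %a' "$p")
            component_ok "$1" "$2" || { echo "BAD $p: uid=$1 mode=$2"; rc=1; }
        fi
        if [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    exit "$rc"
)

# Usage: sh check_chroot.sh /sftp/backupsftp
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it with the disk mounted, because the ownership and mode of /sftp then come from the root directory of the ext4 filesystem on the disk rather than from the empty mount point. sshd records its own reason for dropping the session in the auth log (/var/log/auth.log on Ubuntu), not in the systemd lines shown above.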