Score:1

sftp into chroot works fine, but debug messages reveal non-chroot authorized_keys absolute path

I have configured per-user chroot environments for SFTP to go into /somedir/jail/$user:

Snippet from my /etc/ssh/sshd_config:

Match User myname
   AllowTcpForwarding no
   X11Forwarding no
   ChrootDirectory /somedir/jail/myname
   AuthorizedKeysFile /somedir/jail/myname/home/myname/.ssh/authorized_keys

This works fine:

% sftp myname@myserver
sftp> pwd
Remote working directory: /home/myname

However, when I add the debug options to the "sftp" command, the remote sshd reveals full path info of the "authorized_keys" files, which is not what we want to let be discovered:

% sftp -v myname@myserver
OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
...
debug1: Remote: /somedir/jail/myname/home/myname/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
...

Is there any way that the SSHD can be configured to not show this information, or no debug messages at all, even though the client SFTP requested it with the "-v" option?
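An added example, not part of the original post: a small audit script that reads the `Match User` block and a captured `sftp -v` client log, and lists every absolute path the server disclosed in `debug1: Remote:` messages, marking those that expose the jail's location on the host. The function names `parse_match_users` and `disclosed_paths` are hypothetical; the sample inputs are copied from the post.

```python
import re

# Server-originated messages as the OpenSSH client prints them under -v.
REMOTE_RE = re.compile(r"^debug\d: Remote: (?P<msg>.*)$")
# "<absolute path>:<line number>: <text>", the shape of the message quoted in the post.
KEYFILE_RE = re.compile(r"^(?P<path>/[^:]+):(?P<line>\d+): (?P<text>.*)$")

def parse_match_users(config_text):
    """Return {user: {keyword: value}} for 'Match User <name>' blocks."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if keyword.lower() == "match":
            crit = value.split()
            is_user = len(crit) == 2 and crit[0].lower() == "user"
            current = blocks.setdefault(crit[1], {}) if is_user else None
        elif current is not None:
            # sshd uses the first value it sees for a keyword
            current.setdefault(keyword.lower(), value)
    return blocks

def disclosed_paths(client_log, chroot_dir):
    """List absolute paths the server sent to the client in debug messages."""
    jail = chroot_dir.rstrip("/") + "/"
    findings = []
    for line in client_log.splitlines():
        remote = REMOTE_RE.match(line.strip())
        keyfile = remote and KEYFILE_RE.match(remote.group("msg"))
        if keyfile:
            path = keyfile.group("path")
            findings.append({"path": path, "line": int(keyfile.group("line")),
                             "reveals_jail": path.startswith(jail)})
    return findings

# Inputs copied from the post above.
SAMPLE_CONFIG = """Match User myname
   AllowTcpForwarding no
   ChrootDirectory /somedir/jail/myname
   AuthorizedKeysFile /somedir/jail/myname/home/myname/.ssh/authorized_keys
"""
SAMPLE_LOG = """OpenSSH_8.9p1 Ubuntu-3ubuntu0.1, OpenSSL 3.0.2 15 Mar 2022
debug1: Remote: /somedir/jail/myname/home/myname/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
"""

if __name__ == "__main__":
    chroot = parse_match_users(SAMPLE_CONFIG)["myname"]["chrootdirectory"]
    for finding in disclosed_paths(SAMPLE_LOG, chroot):
        print(finding)
```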
