Created attachment 3597 [details]
sftp -vvv

Hello, I am trying to set up an sftp-only user, doing the next steps:

$ useradd rose
$ passwd
$ chsh -s /dev/false or /dev/nologin

In the file sshd_config in /etc/ssh:

comment:
#Subsystem sftp /usr/libexec/ssh/sftp-server

add the following lines:
Subsystem stfp internal-sftp
Match User rose
X11Forwarding no
AllowTcpForwarding no
#AllowAgentForwarding no
PermitTTY no
PasswordAuthentication yes
#ChrootDirectory /var/www/webdata
#PermitTunnel no
ForceCommand internal-sftp

Restart the service after editing.

Now with this, when I do:
$ sftp rose@localhost

I will get:
$ sftp rose@localhost
(rose@localhost) Password:
subsystem request failed on channel 0
Connection closed

When I uncomment ChrootDirectory, I will get the next output:

$ sftp rose@localhost
(rose@localhost) Password:
client_loop: send disconnect: Broken pipe
Connection closed

Dir permission:
$ tree -pu /var/www/
[drwxr-xr-x rose ] /var/www/
└── [drwxr-xr-x rose ] webdata

I have spent Saturday and today (Sunday) fighting with this issue, and the only thing left is to create this bug report looking for help.
(In reply to dev.dorrejo from comment #0)
[...]
> when i uncomment ChrootDirectory, i will get the next output
>
> $ sftp rose@localhost
> (rose@localhost) Password:
> client_loop: send disconnect: Broken pipe
> Connection closed
>
>
> Dir permission
> $ tree -pu /var/www/
> [drwxr-xr-x rose ] /var/www/
> └── [drwxr-xr-x rose ] webdata

All components of the ChrootDir path need to be owned by root and mode 755 or stricter. Quoting sshd_config(5):

    At session startup sshd(8) checks that all components of the pathname
    are root-owned directories which are not writable by any other user
    or group

If that's not it, please run sshd in debug mode (/path/to/sshd -ddde -p 2222, then add -P 222 to your sftp command) and attach the output to this bug.

Also, what's the "Other" hardware platform and what distro is this?
Created attachment 3598 [details] logs of sshd
Settings:
Subsystem stfp internal-sftp
LogLevel DEBUG3
Match User rose
#PasswordAuthentication yes
ChrootDirectory /var/www/webdata
#PermitTunnel no
#AllowAgentForwarding no
#AllowTcpForwarding no
#X11Forwarding no
ForceCommand internal-sftp

Folder:
tree -up /var/www
[drwxr-xr-x root ] /var/www
└── [drwxr-xr-x root ] webdata
Here's the problem:

> debug2: subsystem request for sftp by user rose
> subsystem request for sftp by user rose failed, subsystem not found

because it looks like you typoed "sftp" in your config:

> Subsystem stfp internal-sftp
Thanks for the assistance. That misspelled word made the world impossible for me, but sadly sshd never fails on this.
(In reply to dev.dorrejo from comment #6)
> Thanks for the assistance,

You're welcome.

> that misspelled word made the world
> impossible for me, but sadly sshd never fails on this.

Unfortunately subsystems can have arbitrary names so your configuration was perfectly valid, just not what you intended.
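
Added example, not part of the original thread and not OpenSSH code: a small lint for the two failure modes diagnosed above, a config with no subsystem named exactly "sftp" and a ChrootDirectory whose path components are not root-owned or are writable by group/other. The function names and the injectable stat_fn parameter are hypothetical; the parser is a simplification that ignores Include files and Match scoping.

```python
import os
import stat

# Constructed sample: the settings posted in this report, typo included.
SAMPLE_CONFIG = """\
Subsystem stfp internal-sftp
Match User rose
    ChrootDirectory /var/www/webdata
    ForceCommand internal-sftp
"""

def directive_args(config_text, keyword):
    """Return the argument list of every `keyword` line (keywords are case-insensitive)."""
    found = []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if fields and fields[0].lower() == keyword.lower():
            found.append(fields[1:])
    return found

def check_chroot_path(path, stat_fn=os.stat):
    """Check each component of path: root-owned directory, not group/other writable."""
    problems, current = [], os.path.abspath(path)
    while True:
        try:
            st = stat_fn(current)
            if not stat.S_ISDIR(st.st_mode):
                problems.append(f"{current}: not a directory")
            if st.st_uid != 0:
                problems.append(f"{current}: owned by uid {st.st_uid}, not root")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append(f"{current}: writable by group or other")
        except OSError as exc:
            problems.append(f"{current}: cannot stat ({exc.strerror})")
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return problems
        current = parent

def lint(config_text, stat_fn=os.stat):
    """Return a list of findings for the two failure modes discussed in this thread."""
    names = [args[0] for args in directive_args(config_text, "Subsystem") if args]
    problems = []
    if "sftp" not in names:
        problems.append(f"no subsystem named 'sftp'; declared: {names}")
    for args in directive_args(config_text, "ChrootDirectory"):
        if args and args[0] != "none" and "%" not in args[0]:  # skip tokens like %h
            problems.extend(check_chroot_path(args[0], stat_fn))
    return problems

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```
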
Closing bugs from openssh-9.1 release cycle
OpenSSH 9.3 has been released. Close resolved bugs