LinuxQuestions.org


hero_xh 03-30-2016 10:14 AM

Centos 7 - SFTP, RSA-KEY and Chroot
 
Hi there,

I wish to set up a server as SFTP using RSA-KEY and Chroot.

My "/etc/ssh/sshd_config" file has the following configuration:

Quote:

Match Group sftp_group
X11Forwarding no
AllowTCPForwarding no
ChrootDirectory /var/www/html/XXX
ForceCommand internal-sftp

It is not working, but if I modify the above to the following, it works:


Quote:

Match Group sftp_group
X11Forwarding no
AllowTCPForwarding no
ChrootDirectory /home
ForceCommand internal-sftp

So my configuration is fine apart from this; it seems that if I change the ChrootDirectory to a directory other than /home, it doesn't work.

The user who tries to sftp to /var/www/html/XXX has the right permissions on /var/www/html/XXX.

Any suggestion?

Thanks

wpeckham 04-01-2016 07:20 AM

Check that documentation
 
There are requirements for the ownership and permissions on the chroot home, AND THE FOLDER ABOVE IT, that need to be either met or explicitly disabled. I recommend meeting them, as there is no purpose in securing something and then adding a vulnerability for no reason.

I have set up chroot before using recent versions of OpenSSH, and have always been able to make it work. It IS picky, but then it is security software and SHOULD be!
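
The requirement referred to above is documented in sshd_config(5): every component of the ChrootDirectory path must be a root-owned directory that is not writable by any other user or group. A read-only check for that rule follows, as an added example that is not part of the thread; it assumes GNU stat (as on CentOS), and the function name check_chroot_path and its optional second argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (coreutils).
# Walks from the chroot directory up to / and prints every component
# that sshd would reject: not a directory, wrong owner, or writable
# by group or others.

# check_chroot_path DIR [OWNER_UID]
#   OWNER_UID defaults to 0 (root). The override is an assumption of this
#   example so the check can be tried on a scratch tree without root.
check_chroot_path() {
    dir=$1
    want_uid=${2:-0}
    rc=0
    case $dir in
        /*) ;;
        *) echo "BAD $dir: not an absolute path"; return 2 ;;
    esac
    while :; do
        # %u = owner uid, %A = symbolic mode such as drwxr-xr-x
        info=$(stat -L -c '%u %A' "$dir" 2>/dev/null) || {
            echo "BAD $dir: cannot stat"; return 2; }
        uid=${info%% *}
        perms=${info#* }
        case $perms in
            d*) ;;
            *) echo "BAD $dir: not a directory"; rc=1 ;;
        esac
        [ "$uid" = "$want_uid" ] ||
            { echo "BAD $dir: owned by uid $uid, expected $want_uid"; rc=1; }
        case $perms in   # 6th character is the group write bit
            ?????w*) echo "BAD $dir: group-writable ($perms)"; rc=1 ;;
        esac
        case $perms in   # 9th character is the write bit for others
            ????????w*) echo "BAD $dir: world-writable ($perms)"; rc=1 ;;
        esac
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# On the server, as root, with the path from the Match block:
#   check_chroot_path /var/www/html/XXX
```

An empty result with exit status 0 means the path satisfies the rule. Files the SFTP user must be able to write then belong in a subdirectory below the chroot that the user owns, since the chroot directory itself cannot be user-writable.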

hero_xh 04-05-2016 07:27 AM

Thanks for your answer!

I couldn't understand you really well, to be honest... How can I enable the chroot for /var/www/html/XXX? It will be a risk, though... I would like to know how to do it and afterwards choose :-)


Thanks!


All times are GMT -5.