ChrootDirectory doesn't work unless there is a child folder present

Ask Ubuntu Asked by Toodarday on January 30, 2021

I am attempting to allow only sFTP connections to a specific folder

/etc/ssh/sshd_config

PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem       sftp    /usr/lib/openssh/sftp-server
Match Group demouser
  # Force the connection to use SFTP and chroot to the required directory.
  ForceCommand internal-sftp
  ChrootDirectory /home/demouser/ftp/
  # Disable tunneling, authentication agent, TCP and X11 forwarding.
  PermitTunnel no
  AllowAgentForwarding no
  AllowTcpForwarding no
  X11Forwarding no

I then run the following commands to create the account/folder

groupadd demouser
useradd -g demouser -s /sbin/nologin demouser
chown root:root /home/demouser
chmod 755 /home/demouser/
cd /home/demouser/
mkdir ftp
chown demouser:demouser ftp

The issue I am facing is I am unable to connect when the ChrootDirectory is set to /home/demouser/ftp/ but it works fine when I set it as /home/demouser it doesn’t seem to work unless that is a child folder in the designated ChrootDirectory already made.

sftp ssh

Add your own answers!

Ask a Question

Get help from others!

Recent Answers

Joshua Engel on Why fry rice before boiling?
Jon Church on Why fry rice before boiling?
Peter Machado on Why fry rice before boiling?
haakon.io on Why fry rice before boiling?
Lex on Does Google Analytics track 404 page responses as valid page views?