[Bug 3446] New: ChrootDirectory - Broken Pipe

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Jun 13 09:32:12 AEST 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3446

            Bug ID: 3446
           Summary: ChrootDirectory - Broken Pipe
           Product: Portable OpenSSH
           Version: 8.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sftp
          Assignee: unassigned-bugs at mindrot.org
          Reporter: dev.dorrejo at gmail.com

Created attachment 3597
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3597&action=edit
sftp -vvv

Hello, I am trying to set up an SFTP-only user, doing the following steps:

$ useradd rose
$ passwd

$ chsh -s /dev/false or /dev/nologin


In the file sshd_config in /etc/ssh:

comment: #Subsystem      sftp    /usr/libexec/ssh/sftp-server

add the following line

Subsystem stfp internal-sftp

Match User rose
    X11Forwarding no
    AllowTcpForwarding no
    #AllowAgentForwarding no
    PermitTTY no
    PasswordAuthentication yes
    #ChrootDirectory /var/www/webdata
    #PermitTunnel no
    ForceCommand internal-sftp

Restart the service after editing.

Now, with this, when I do:

$ sftp rose@localhost

I will get:

$ sftp rose@localhost
(rose@localhost) Password:
subsystem request failed on channel 0
Connection closed

When I uncomment ChrootDirectory, I will get the following output:

$ sftp rose@localhost
(rose@localhost) Password:
client_loop: send disconnect: Broken pipe
Connection closed


Directory permissions:
$ tree -pu /var/www/
[drwxr-xr-x rose    ]  /var/www/
└── [drwxr-xr-x rose    ]  webdata

I have spent Saturday and today (Sunday) fighting with this issue, and the
only thing left is to create this bug report looking for help.

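sshd_config(5) states that every component of the ChrootDirectory pathname must be a root-owned directory that is not writable by any other user or group, and sshd checks this at session startup. The script below is an added example, not part of the original report or of OpenSSH, that applies that rule to each component of a path so the result can be compared with a `tree -pu` listing like the one above; it assumes GNU `stat`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: apply the sshd_config(5) ChrootDirectory ownership rule to a path.
# Assumes GNU coreutils stat (Linux); all function names are hypothetical.

# component_ok UID PERMS: succeed if one path component is acceptable.
# PERMS is an ls/tree-style mode string such as "drwxr-xr-x".
component_ok() {
    uid=$1 perms=$2
    case $perms in d*) ;; *) return 1 ;; esac   # must be a directory
    [ "$uid" = 0 ] || return 1                  # must be owned by root (uid 0)
    case $perms in
        ?????w*|????????w*) return 1 ;;         # group- or other-writable
    esac
    return 0
}

# report_component PATH: stat one component (following symlinks) and print a verdict.
report_component() {
    info=$(stat -L -c '%u %A' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    if component_ok "${info%% *}" "${info#* }"; then
        echo "ok   $1 ($info)"
    else
        echo "BAD  $1 ($info)"
        return 1
    fi
}

# check_chroot_path PATH: succeed only if / and every component down to PATH pass.
check_chroot_path() {
    target=$1 cur="" rc=0
    case $target in /*) ;; *) echo "not an absolute path: $target" >&2; return 2 ;; esac
    old_ifs=$IFS; set -f; IFS=/
    set -- $target                              # split the path on "/"
    IFS=$old_ifs; set +f
    report_component / || rc=1
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        report_component "$cur" || rc=1
    done
    return $rc
}

# Constructed usage: sh check_chroot.sh /var/www/webdata
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Each line of output names one path component with its numeric owner and mode string; any `BAD` or `MISSING` line means the path does not meet the documented rule.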