I would like to create an sftp user account on an Ubuntu server which has read/write access only to one specific folder. I would like this user to have rights to transfer files to and from my server via sftp. My server is hosted on Digital Ocean.
I have followed this tutorial on Digital Ocean which seems to do exactly what I want but I got stuck at Step 4.
Step 4 says that you try this command:
ssh sammyfiles@localhost
And the result should be:
Error message
This service allows sftp connections only.
Connection to localhost closed.
Instead my result is:
packet_write_wait: Connection to 207.154.238.143 port 22: Broken pipe
Connection closed
Next it instructs running this, which should obviously work:
sftp sammyfiles@localhost
The result should be:
SFTP prompt
Connected to localhost.
sftp>
but instead I get:
forge@BitCloud:~$ sftp misjah@localhost
misjah@localhost's password:
packet_write_wait: Connection to 127.0.0.1 port 22: Broken pipe
Couldn't read packet: Connection reset by peer
I get the same message if I want to sftp with this newly created user from outside:
prmbair:~ primozrome$ sftp
's password:
packet_write_wait: Connection to 207.154.238.143 port 22: Broken pipe
Connection closed
prmbair:~ primozrome$
What am I doing wrong?
Update from comments: Seems like the problem is in the sshd_config ChrootDirectory line. If I use ChrootDirectory %h then sftp to the user's home directory works, but if I use ChrootDirectory /home/user/uploads (to restrict only to one folder) then:
packet_write_wait: Connection to 127.0.0.1 port 22: Broken pipe.
Couldn't read packet: Connection reset by peer.
Any idea?
2 Answers
From sshd_config(5):
ChrootDirectory Specifies the pathname of a directory to chroot(2) to after authentication. At session startup sshd(8) checks that all components of the pathname are root-owned directories which are not writable by any other user or group.
I had the same problem and the solution was to avoid using a directory in a user's home, as the /home/user directory should not be owned by root, but to create instead a directory in e.g. /var/sftp/uploads, where /var/sftp/ is root owned and /var/sftp/uploads is owned by the sftp user. Then I can chroot the sftp user in uploads.
ChrootDirectory /var/sftp
in /etc/ssh/sshd_config
I think there is a mistake about the rights...
Could you show us the output of the command ls -l in your directory /var/sftp, please?
I think /var/sftp has 755 rights but not /var/sftp/uploads, because the chmod command isn't recursive if we don't tell it, so you would have to type:
sudo chmod 755 -R /var/sftp
(the -R parameter is for recursive).
With -R, all subdirectories in /var/sftp will have 755 rights.
Could you try it, please?
Good luck !