Hello,
I have set up a Debian Wheezy box as a simple SFTP server. I have created
an SFTP-only user account and configured SSH to jail the account to its
home directory with the following in sshd_config:

    Subsystem sftp internal-sftp
    Match group radius
        ChrootDirectory /home
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

Where "radius" is the primary group for the SFTP user account. All of this
works fine when I connect using OpenSSH from another Linux box. I land in
the /home directory, but running "pwd" in the SFTP session shows that the
working directory is "/" and then I cannot navigate any further up the
filesystem tree. That's exactly what I would expect.

However, if I connect using FileZilla, I see that I am in /home and I can
freely navigate the rest of the filesystem. What's up with that? I would
really like for this user account to be jailed regardless of the client,
and it seems to me like it should be, since this is a server-side
configuration.

Any help or insight would be greatly appreciated. Thanks!
--
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
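
An added example, not part of the original message: a small Python resolver that shows which sshd_config settings from the block quoted above apply to a given account, so the server-side jail can be checked independently of the client. The account names "sftpuser" and "alice" and the group "users" are hypothetical, and only plain "Match User"/"Match Group" criteria are handled (no wildcards or negation).

```python
# Added example: resolve which sshd_config settings apply to one account.
# Assumption: only "Match User"/"Match Group" with plain comma-separated names.

SAMPLE_CONFIG = """\
Subsystem sftp internal-sftp
Match group radius
    ChrootDirectory /home
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
"""  # the configuration quoted in the message

def _matches(criteria, user, groups):
    """True only if every criterion on the Match line is satisfied."""
    tokens = criteria.split()
    if len(tokens) < 2:
        return False
    for kind, pattern in zip(tokens[0::2], tokens[1::2]):
        names = set(pattern.split(","))
        if kind.lower() == "user":
            ok = user in names
        elif kind.lower() == "group":
            ok = bool(names & set(groups))
        else:
            ok = False  # unsupported criterion: treat as not matching
        if not ok:
            return False
    return True

def effective_settings(config_text, user, groups):
    """Return {lowercased keyword: value} as it applies to `user`."""
    global_opts, match_opts = {}, {}
    target = global_opts  # section currently being filled
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            target = match_opts if _matches(value, user, groups) else None
        elif target is not None:
            target.setdefault(keyword, value)  # first value seen wins
    return {**global_opts, **match_opts}  # Match settings override global

def jail_problems(settings):
    """List the reasons an account is not confined to chrooted SFTP."""
    problems = []
    if settings.get("chrootdirectory", "none") == "none":
        problems.append("no ChrootDirectory applies")
    if settings.get("forcecommand") != "internal-sftp":
        problems.append("ForceCommand internal-sftp does not apply")
    return problems
```

On a live server, `sshd -T -C user=NAME,host=HOST,addr=ADDR` prints the settings that sshd itself resolves for that connection.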