Broke existing SFTP access by adding Users to Match User in sshd_config?











up vote
0
down vote

favorite












First, let me apologize with my lack of knowledge on ubuntu, I may not be in the right place if have the wrong OS OpenBSD 6.4 please let me know.



After following this guide I was able to login to the sftp server with only one sftp user. However after adding more users and using the csv format on match user in sshd_config it broke all users including my original user. This is the change I made below. I have since removed it and it still wont let the first SFTP only user in. I still have ssh and sftp access on my account, root is disabled.



Match User fo001sftp,fo002sftp,fo003sftp



The verbose login information.



fo001sftp@192.168.100.49's password:
Sent password
Access granted
Opening session as main channel
Server unexpectedly closed network connection
Fatal: Server unexpectedly closed network connection


I am failing on authentication with this as the error message in the /var/log/authlog



fatal: bad ownership or modes for chroot directory component "/home/fo001sftp/


here is my current sshd_config (without all of the commented outlines)



PermitRootLogin no
AuthorizedKeysFile .ssh/authorized_keys
PrintMotd no
PrintLastLog no
Subsystem sftp internal-sftp
Match User fo001sftp
PasswordAuthentication yes
X11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitTTY no
PermitTunnel no
ForceCommand internal-sftp
ChrootDirectory %h


When issue a ls command this is what i get:



Listing directory /home/fo001sftp
drwxr-xr-x 5 root fo001sftp 512 Nov 26 12:26 .
drwxr-xr-x 12 root wheel 512 Nov 26 14:29 ..
-rwxr-xr-x 1 fo001sftp fo001sftp 87 Nov 26 08:47 .Xdefaults
-rwxr-xr-x 1 fo001sftp fo001sftp 771 Nov 26 08:47 .cshrc
-rwxr-xr-x 1 fo001sftp fo001sftp 101 Nov 26 08:47 .cvsrc
-rwxr-xr-x 1 fo001sftp fo001sftp 359 Nov 26 08:47 .login
-rwxr-xr-x 1 fo001sftp fo001sftp 175 Nov 26 08:47 .mailrc
-rwxr-xr-x 1 fo001sftp fo001sftp 215 Nov 26 08:47 .profile
drwxr-xr-x 2 fo001sftp fo001sftp 512 Nov 26 08:47 .ssh
drwxr-xr-x 5 fo001sftp fo001sftp 512 Nov 26 12:26 CurrentMonth
drwxr-xr-x 2 fo001sftp fo001sftp 512 Nov 26 12:05 History


Where am i going wrongto fix the original user and how can i add more usersto this setup with their own /home directories?










share|improve this question


























    up vote
    0
    down vote

    favorite












    First, let me apologize with my lack of knowledge on ubuntu, I may not be in the right place if have the wrong OS OpenBSD 6.4 please let me know.



    After following this guide I was able to login to the sftp server with only one sftp user. However after adding more users and using the csv format on match user in sshd_config it broke all users including my original user. This is the change I made below. I have since removed it and it still wont let the first SFTP only user in. I still have ssh and sftp access on my account, root is disabled.



    Match User fo001sftp,fo002sftp,fo003sftp



    The verbose login information.



    fo001sftp@192.168.100.49's password:
    Sent password
    Access granted
    Opening session as main channel
    Server unexpectedly closed network connection
    Fatal: Server unexpectedly closed network connection


    I am failing on authentication with this as the error message in the /var/log/authlog



    fatal: bad ownership or modes for chroot directory component "/home/fo001sftp/


    here is my current sshd_config (without all of the commented outlines)



    PermitRootLogin no
    AuthorizedKeysFile .ssh/authorized_keys
    PrintMotd no
    PrintLastLog no
    Subsystem sftp internal-sftp
    Match User fo001sftp
    PasswordAuthentication yes
    X11Forwarding no
    AllowTcpForwarding no
    AllowAgentForwarding no
    PermitTTY no
    PermitTunnel no
    ForceCommand internal-sftp
    ChrootDirectory %h


    When issue a ls command this is what i get:



    Listing directory /home/fo001sftp
    drwxr-xr-x 5 root fo001sftp 512 Nov 26 12:26 .
    drwxr-xr-x 12 root wheel 512 Nov 26 14:29 ..
    -rwxr-xr-x 1 fo001sftp fo001sftp 87 Nov 26 08:47 .Xdefaults
    -rwxr-xr-x 1 fo001sftp fo001sftp 771 Nov 26 08:47 .cshrc
    -rwxr-xr-x 1 fo001sftp fo001sftp 101 Nov 26 08:47 .cvsrc
    -rwxr-xr-x 1 fo001sftp fo001sftp 359 Nov 26 08:47 .login
    -rwxr-xr-x 1 fo001sftp fo001sftp 175 Nov 26 08:47 .mailrc
    -rwxr-xr-x 1 fo001sftp fo001sftp 215 Nov 26 08:47 .profile
    drwxr-xr-x 2 fo001sftp fo001sftp 512 Nov 26 08:47 .ssh
    drwxr-xr-x 5 fo001sftp fo001sftp 512 Nov 26 12:26 CurrentMonth
    drwxr-xr-x 2 fo001sftp fo001sftp 512 Nov 26 12:05 History


    Where am i going wrongto fix the original user and how can i add more usersto this setup with their own /home directories?










    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      First, let me apologize with my lack of knowledge on ubuntu, I may not be in the right place if have the wrong OS OpenBSD 6.4 please let me know.



      After following this guide I was able to login to the sftp server with only one sftp user. However after adding more users and using the csv format on match user in sshd_config it broke all users including my original user. This is the change I made below. I have since removed it and it still wont let the first SFTP only user in. I still have ssh and sftp access on my account, root is disabled.



      Match User fo001sftp,fo002sftp,fo003sftp



      The verbose login information.



      fo001sftp@192.168.100.49's password:
      Sent password
      Access granted
      Opening session as main channel
      Server unexpectedly closed network connection
      Fatal: Server unexpectedly closed network connection


      I am failing on authentication with this as the error message in the /var/log/authlog



      fatal: bad ownership or modes for chroot directory component "/home/fo001sftp/


      here is my current sshd_config (without all of the commented outlines)



      PermitRootLogin no
      AuthorizedKeysFile .ssh/authorized_keys
      PrintMotd no
      PrintLastLog no
      Subsystem sftp internal-sftp
      Match User fo001sftp
      PasswordAuthentication yes
      X11Forwarding no
      AllowTcpForwarding no
      AllowAgentForwarding no
      PermitTTY no
      PermitTunnel no
      ForceCommand internal-sftp
      ChrootDirectory %h


      When issue a ls command this is what i get:



      Listing directory /home/fo001sftp
      drwxr-xr-x 5 root fo001sftp 512 Nov 26 12:26 .
      drwxr-xr-x 12 root wheel 512 Nov 26 14:29 ..
      -rwxr-xr-x 1 fo001sftp fo001sftp 87 Nov 26 08:47 .Xdefaults
      -rwxr-xr-x 1 fo001sftp fo001sftp 771 Nov 26 08:47 .cshrc
      -rwxr-xr-x 1 fo001sftp fo001sftp 101 Nov 26 08:47 .cvsrc
      -rwxr-xr-x 1 fo001sftp fo001sftp 359 Nov 26 08:47 .login
      -rwxr-xr-x 1 fo001sftp fo001sftp 175 Nov 26 08:47 .mailrc
      -rwxr-xr-x 1 fo001sftp fo001sftp 215 Nov 26 08:47 .profile
      drwxr-xr-x 2 fo001sftp fo001sftp 512 Nov 26 08:47 .ssh
      drwxr-xr-x 5 fo001sftp fo001sftp 512 Nov 26 12:26 CurrentMonth
      drwxr-xr-x 2 fo001sftp fo001sftp 512 Nov 26 12:05 History


      Where am i going wrongto fix the original user and how can i add more usersto this setup with their own /home directories?










      share|improve this question













      First, let me apologize with my lack of knowledge on ubuntu, I may not be in the right place if have the wrong OS OpenBSD 6.4 please let me know.



      After following this guide I was able to login to the sftp server with only one sftp user. However after adding more users and using the csv format on match user in sshd_config it broke all users including my original user. This is the change I made below. I have since removed it and it still wont let the first SFTP only user in. I still have ssh and sftp access on my account, root is disabled.



      Match User fo001sftp,fo002sftp,fo003sftp



      The verbose login information.



      fo001sftp@192.168.100.49's password:
      Sent password
      Access granted
      Opening session as main channel
      Server unexpectedly closed network connection
      Fatal: Server unexpectedly closed network connection


      I am failing on authentication with this as the error message in the /var/log/authlog



      fatal: bad ownership or modes for chroot directory component "/home/fo001sftp/


      here is my current sshd_config (without all of the commented outlines)



      PermitRootLogin no
      AuthorizedKeysFile .ssh/authorized_keys
      PrintMotd no
      PrintLastLog no
      Subsystem sftp internal-sftp
      Match User fo001sftp
      PasswordAuthentication yes
      X11Forwarding no
      AllowTcpForwarding no
      AllowAgentForwarding no
      PermitTTY no
      PermitTunnel no
      ForceCommand internal-sftp
      ChrootDirectory %h


      When issue a ls command this is what i get:



      Listing directory /home/fo001sftp
      drwxr-xr-x 5 root fo001sftp 512 Nov 26 12:26 .
      drwxr-xr-x 12 root wheel 512 Nov 26 14:29 ..
      -rwxr-xr-x 1 fo001sftp fo001sftp 87 Nov 26 08:47 .Xdefaults
      -rwxr-xr-x 1 fo001sftp fo001sftp 771 Nov 26 08:47 .cshrc
      -rwxr-xr-x 1 fo001sftp fo001sftp 101 Nov 26 08:47 .cvsrc
      -rwxr-xr-x 1 fo001sftp fo001sftp 359 Nov 26 08:47 .login
      -rwxr-xr-x 1 fo001sftp fo001sftp 175 Nov 26 08:47 .mailrc
      -rwxr-xr-x 1 fo001sftp fo001sftp 215 Nov 26 08:47 .profile
      drwxr-xr-x 2 fo001sftp fo001sftp 512 Nov 26 08:47 .ssh
      drwxr-xr-x 5 fo001sftp fo001sftp 512 Nov 26 12:26 CurrentMonth
      drwxr-xr-x 2 fo001sftp fo001sftp 512 Nov 26 12:05 History


      Where am i going wrongto fix the original user and how can i add more usersto this setup with their own /home directories?







      permissions sftp chroot






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 26 at 20:49









      babyPenguin

      12




      12



























          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1096288%2fbroke-existing-sftp-access-by-adding-users-to-match-user-in-sshd-config%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown






























          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1096288%2fbroke-existing-sftp-access-by-adding-users-to-match-user-in-sshd-config%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          mysqli_query(): Empty query in /home/lucindabrummitt/public_html/blog/wp-includes/wp-db.php on line 1924

          How to change which sound is reproduced for terminal bell?

          Can I use Tabulator js library in my java Spring + Thymeleaf project?