On 16 April 2013 18:24, Stefan Johnson <tigerphoenixdra...@gmail.com> wrote:
> On Mon, Apr 15, 2013 at 11:25 PM, f5b <f...@163.com> wrote:
>
>> server
>> kern.version=OpenBSD 5.3-current (GENERIC.MP) #71: Sat Apr 13 17:21:57 MDT 2013
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>>
>> /etc/ssh/sshd_config
>> only add after last line
>>
>> Match Group share
>> ForceCommand internal-sftp
>> ChrootDirectory /home/chroot/
>>
>> # sshd -t ##ok
>>
>> # mkdir /home/chroot/
>>
>> # adduser share
>>
>> from other machine,
>> the user share can not sftp to the server,
>> but same config in Mar 1 snapshot, sftp is ok.
>>
>>
> 1) Add user. Make sure home directory is owned by root:wheel. My example
> uses "anonftp" and the home directory is "/home/anonftp"
> # grep anonftp /etc/passwd
> anonftp:*:1004:10::/home/anonftp:/usr/bin/false
> # ls -ld /home/anonftp
> drwxr-xr-x 4 root wheel 512 Aug 22 2012 /home/anonftp
>
> 2) Make chroot home directory, and give it appropriate ownership and
> permissions to your needs:
> # ls -ld /home/anonftp/home
> drwxr-xr-x 3 root users 512 Aug 22 2012 /home/anonftp/home
> # ls -ld /home/anonftp/home/anonftp
> drwxr-xr-x 2 anonftp users 512 Jan 16 13:13 /home/anonftp/home/anonftp
>
> 3) Ensure the Match block is set the way you want it.
> Match User anonftp
> X11Forwarding no
> AllowTcpForwarding no
> ForceCommand internal-sftp
> ChrootDirectory /home/anonftp
>
> If you wanted to allow full on connections (not just sftp) you would also
> need to set up tty devices and such in the chroot jail. Since this is just
> sftp, the above should be sufficient.
>
> This is how I have it set up on my system, and it works fine.
>
> Hope this helps!

Hello Stefan,

so you surely were running current, right? Mine was working previously but
the update to the latest snapshot (that was about a week ago) broke it. Tried
a few things but no cigar. I'll try to report with more details if I find time.

--
Sincerely,
Ville Valkonen
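
Stefan's step 1 matches the rule documented in sshd_config(5) for ChrootDirectory: every component of the path must be a root-owned directory that is not writable by any other user or group. The shell check below for that rule is an added example, not part of the thread; the function names component_ok and check_chroot_path are hypothetical, and it assumes an absolute path and reads ownership from `ls -ldn`.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ChrootDirectory path.

# component_ok MODE UID  (hypothetical helper)
# MODE and UID are the first and third fields of `ls -ldn`.
# Succeeds only for a root-owned directory without group/other write bits;
# otherwise prints the reason and returns 1.
component_ok() {
    case $1 in
        d*) ;;
        *) echo "not a directory"; return 1 ;;
    esac
    [ "$2" = "0" ] || { echo "owned by uid $2, not root"; return 1; }
    case $1 in
        ?????w*) echo "group-writable"; return 1 ;;
    esac
    case $1 in
        ????????w*) echo "writable by others"; return 1 ;;
    esac
    return 0
}

# check_chroot_path DIR  (hypothetical helper, DIR must be absolute)
# Walks from / down to DIR and reports every component that fails.
check_chroot_path() {
    rc=0
    cur=
    old_ifs=$IFS
    IFS=/
    set -f                      # no globbing while splitting the path
    set -- $1                   # "/home/chroot/" -> "" "home" "chroot"
    set +f
    IFS=$old_ifs
    for part in / "$@"; do      # "/" first so the root directory is checked too
        case $part in
            "") continue ;;
            /) p=/ ;;
            *) cur=$cur/$part; p=$cur ;;
        esac
        line=$(ls -ldn "$p" 2>/dev/null) || { echo "FAIL $p: missing"; rc=1; continue; }
        uid=$(printf '%s\n' "$line" | awk '{print $3}')
        why=$(component_ok "${line%% *}" "$uid") || { echo "FAIL $p: $why"; rc=1; }
    done
    return $rc
}
```

Run as `check_chroot_path /home/anonftp` on the server; it prints nothing and returns 0 when every component passes.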