Thus said Pete Vickers on Mon, 13 Sep 2010 16:32:08 +0200: > r...@container ~> tail /etc/ssh/sshd_config > # all non-wheel users should be chrooted to home and sftp only > # > Match Group !wheel > ForceCommand internal-sftp > ChrootDirectory /home > AllowTcpForwarding no > X11Forwarding no
The first problem is your Match command. The documentation seems to indicate that the negation character `!' is only to be used in a pattern-list which is defined as ``a comma-separated list of patterns.'' I suspect that your Match pattern is not working correctly. Try Match User pete and see if it succeeds as you expect. Probably what you should do is create a special chroot group and add all the users that you want to impose this upon to that group. The second problem is that your ChrootDirectory is not structured properly. When authentication happens, it will chroot there and then it will attempt to change directory to the users home directory, however, you haven't indicated whether or not you created one: /home/home/pete Without this structure, when the chroot happens, the user will be chroot'ed to /home and then will have to do his own cd to pete and all user directories will be found in /. Andy
