Topic: SFTP for root

Hi there!

I've installed MySecureShell to use with lshell for chrooting my users in sftp and ssh.
It works fine, but after I changed /etc/ssh/sshd_config to enter "Subsystem sftp /bin/MySecureShell -c sftp-server", my root user can't work with SFTP. When I try to connect, it says:

Listing directory /root/
Error:    Unable to open .: permission denied

Please, could you give me some advice on how I could make my root user work with SFTP?

Thanks.

Re: SFTP for root

Hi,

What's the content of the MySecureShell log (default: /var/log/sftp-server.log)?
And your MySecureShell configuration?

Re: SFTP for root

teka wrote:

Hi,

What's the content of the MySecureShell log (default: /var/log/sftp-server.log)?
And your MySecureShell configuration?


Hello, teka, and thanks for the reply.

Here's the log cut:

2011-04-08 13:41:26 [8876]New client [root] from [my.ip.add.ress]
2011-04-08 13:41:26 [8876][root][my.ip.add.ress]Couldn't go to home '/home/root' : No such file or directory
2011-04-08 13:41:26 [8876][root][my.ip.add.ress]Couldn't chroot : No such file or directory
2011-04-08 13:41:44 [8876][root][my.ip.add.ress]Quit.
2011-04-08 13:41:55 [8881]New client [root] from [my.ip.add.ress]
2011-04-08 13:41:55 [8881][root][my.ip.add.ress]Couldn't go to home '/home/root' : No such file or directory
2011-04-08 13:41:55 [8881][root][my.ip.add.ress]Couldn't chroot : No such file or directory
2011-04-08 13:42:15 [8881][root][my.ip.add.ress]Quit.

Configuration is default, I didn't change anything.

Re: SFTP for root

Hi,

Default value for tag "Home" is invalid for user "root".
Just comment out or delete the line:

Home                    /home/$USER

It will be better :)

Re: SFTP for root

teka wrote:

Hi,

Default value for tag "Home" is invalid for user "root".
Just comment out or delete the line:

Home                    /home/$USER

It will be better :)

And what if I want other users to have this home? May I change "Home" only for one user?

Thanks.

Re: SFTP for root

Korben wrote:
teka wrote:

Hi,

Default value for tag "Home" is invalid for user "root".
Just comment out or delete the line:

Home                    /home/$USER

It will be better :)

And what if I want other users to have this home? May I change "Home" only for one user?

Thanks.

Hm. I've commented out Home, and now my root user is chrooted at /root and has no access to /. How can I disable any restrictions for root?

Re: SFTP for root

Hi,

By default a user is in his home (so tag "Home" isn't needed in this case).

To apply some tags for one user, you should use "User": http://mysecureshell.sourceforge.net/en/User.html.
Then set "VirtualChroot" to "false" for user "root".
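
The per-user override described in the reply above, written out as a configuration fragment. This is an added example, not part of the thread or of MySecureShell's shipped configuration; the `<Default>` and `<User root>` block layout, the `VirtualChroot true` default and the `Home /root` value are assumptions built from the tags named in the thread.

```apache
# Added example (not from the thread). Assumed to go in MySecureShell's
# configuration file; adjust to the existing blocks in your own file.

# Rules applied to every account unless a more specific block overrides them.
<Default>
    # Template home. For root this expands to /home/root, which does not
    # exist, producing the "Couldn't go to home" / "Couldn't chroot" log lines.
    Home            /home/$USER
    # Assumed default: confine each SFTP session to its home directory.
    VirtualChroot   true
</Default>

# Overrides for the single account "root"; other users keep the defaults above.
<User root>
    # Assumed value: root's real home directory.
    Home            /root
    # Root sees the real filesystem from / instead of a chrooted view.
    VirtualChroot   false
</User>
```

With this layout the `Home /home/$USER` line can stay active for ordinary users, and only root's session is exempt from the chroot.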

Re: SFTP for root

Thanks, teka.

The VirtualChroot directive is what I needed.