I collected strace logs via the method described in the "Debugging a user account without shell in a jail (sftp, cvs, etc.)" section in, but am not well versed in how to interpret them, but the sftp-server process ends in:

open("/dev/null", O_RDWR) = -1 EACCES (Permission denied)

Transferred: sent 2032, received 2368 bytes, in 0.3 seconds
Bytes per second: sent 7511.3, received 8753.3

So I reverted that again, without changing anything else and now the sftp fails differently:

debug1: Sending subsystem: sftp
debug2: channel 0: request subsystem confirm 1
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: subsystem request accepted on channel 0
debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype reply 0
debug3: channel 0: will not send data after close
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:

I changed the Subsystem sftp /usr/libexec/openssh/sftp-server to Subsystem sftp internal-sftp per some online recommendations, but while the connection now works, the user can browse outside of the chroot in FileZilla.

Nothing in those logs, but I researched the error a bit and tested sftp locally ( sftp -vvv -P and that gave me another error (subsystem request failed on channel 0).

Submitted by JamieCameron on Fri, - 00:27 Comment #5

Apr 12 11:49:40 host sshd: rexec line 47: Deprecated option RSAAuthentication
Apr 12 11:49:40 host sshd: rexec line 142: Deprecated option KeyRegenerationInterval
Apr 12 11:49:40 host sshd: rexec line 143: Deprecated option ServerKeyBits
Apr 12 11:49:36 host systemd: Stopping User Slice of.
Apr 12 11:49:36 host jk_chrootsh: now entering jail /home/chroot/15229146301946 for user (4032) with arguments -c /usr/libexec/openssh/sftp-server
Apr 12 11:49:36 host jk_chrootsh: path /bin/sh is a symlink
Apr 12 11:49:36 host jk_chrootsh: path /bin/sh is group writable
Apr 12 11:49:36 host jk_chrootsh: path /bin/sh is writable for others
Apr 12 11:49:36 host systemd-logind: Removed session 7161.
Apr 12 11:49:36 host systemd: Removed slice User Slice of.
Apr 12 11:49:36 host systemd-logind: New session 7161 of user.
Apr 12 11:49:35 host systemd: Starting Session 7161 of user.
Apr 12 11:49:35 host systemd: Started Session 7161 of user.
Apr 12 11:49:35 host systemd: Starting User Slice of.
Apr 12 11:49:35 host systemd: Created slice User Slice of.