Hi there
I've been trying for a couple of days to set up chrooted sftp access to a test obsd machine running apache. Ideally I would like to grant group access to update some web content, but after checking all I found, I'm still unsuccessful.
Here are the relevant details ...
Code:
# OpenBSD 4.3 GENERIC#0 i386
SFTPG=webgroup
SFTPU=webadmin
SFTPP=webadminpass
SFTPD=/var/www/htdocs/project
mkdir $SFTPD
groupadd -v $SFTPG
useradd -c "webadmin user" -d / -g $SFTPG -p $(encrypt -b 6 $SFTPP) -s /sbin/nologin $SFTPU
chown root:$SFTPG $SFTPD
chmod 0755 $SFTPD
Code:
# /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/sftp-server
Subsystem sftp internal-sftp
Match group $SFTPG
ChrootDirectory $SFTPD
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Code:
kill -HUP `cat /var/run/sshd.pid`
So, with the above setup, I'm granted access as 'webadmin' but I don't have any write permissions.
Any attempt to change the group permissions, chmod g+w $SFTPD or similar, results in NOT being able to successfully start a session ...
Code:
psftp -v -l webadmin -pw webadminpass 192.168.1.50
Looking up host "192.168.1.50"
Connecting to 192.168.1.50 port 22
Server version: SSH-2.0-OpenSSH_4.8
We claim version: SSH-2.0-PuTTY_Release_0.60
Using SSH protocol version 2
Doing Diffie-Hellman group exchange
Doing Diffie-Hellman key exchange with hash SHA-256
Host key fingerprint is:
ssh-rsa 2048 b6:fb:6a:7b:ea:5e:1a:71:52:c9:a5:c5:d8:fa:61:27
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA1 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA1 server->client MAC algorithm
Using username "webadmin".
Keyboard-interactive authentication refused
Sent password
Access granted
Server unexpectedly closed network connection
Fatal: Server unexpectedly closed network connection
I feel it must be something very obvious, but I just don't see it.
Any comments/remarks are most welcome.
Luismi
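
sshd_config(5) states that the ChrootDirectory path and all its components must be root-owned directories that are not writable by any other user or group. The script below is an added example, not part of the original post, that checks a path against that rule; the function names and the optional uid argument (default 0) are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example: check a directory tree against the ChrootDirectory rule
# documented in sshd_config(5). Function names are hypothetical.

# check_dir DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0 = root) and not writable by group or others.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    # ls -ldn prints e.g. "drwxr-xr-x 2 0 0 512 Jan 1 00:00 /var/www"
    info=$(ls -ldn -- "$dir" 2>/dev/null | awk '{print $1, $3}')
    [ -n "$info" ] || { echo "$dir: cannot stat"; return 1; }
    mode=${info% *}
    uid=${info#* }
    case $mode in
        d*) ;;
        *) echo "$dir: not a directory"; return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || {
        echo "$dir: owner uid $uid, expected $want_uid"; return 1; }
    # Character 6 of the mode string is group write, character 9 is other write.
    case $mode in
        d????w*|d???????w*)
            echo "$dir: group- or world-writable ($mode)"; return 1 ;;
    esac
    return 0
}

# check_chroot_path PATH [UID]: apply check_dir to PATH and to every
# parent directory up to /, reporting each component that breaks the rule.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "$1: need an absolute path"; return 2 ;;
    esac
    p=$1
    rc=0
    while :; do
        check_dir "$p" "${2:-0}" || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Example: sh thisscript.sh /var/www/htdocs/project
if [ $# -gt 0 ]; then check_chroot_path "$@"; fi
```

With the layout from the post, a writable subdirectory inside the chroot (owned by or group-writable for webgroup) keeps the chroot directory itself within this rule.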