Hello,

I am trying to set up a file server using the SFTP protocol with OpenSSH.

I am in trouble because sshd refuses to chroot to a directory that is writable by users other than the owner.

I guess that this is to prevent someone else from creating a .ssh/authorized_keys file and impersonating the user. But we have configured an alternative AuthorizedKeysFile.

I also understand that a chroot user needs a layout for login (/bin/bash, ...) or for executing the external sftp-server, and that nobody should be allowed to change it. But for an SFTP server that only serves files, using the internal-sftp server, that should not be a problem.

Note that this is extremely restrictive in practice. Even if one is very careful and only allows specific users to write (with ACLs), OpenSSH refuses to chroot to that directory. And when one has to work with a specified directory layout, required for compatibility with existing applications, it makes it very hard to implement an SFTP file server.

I would like to contribute a patch with an option StrictModesChrootDirectory. That option could be documented with the reasons when it should not be used.

Best regards.
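The restriction discussed in the message above, as an added example that is not part of the original post and is not OpenSSH code: a Python audit that applies the ChrootDirectory rule documented in sshd_config(5) (every path component a root-owned directory, not writable by group or others) and reports which component would make sshd refuse. The directory names, the uid 1001 and the `stat_fn` parameter are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result, used only by the sample data below.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")

def chroot_path_problems(path, stat_fn=os.stat):
    """Return (component, reason) pairs for each component of `path` that
    breaks the documented ChrootDirectory rule. An empty list means the
    path passes. `stat_fn` is a hypothetical hook so the check can be run
    against sample data instead of the live filesystem."""
    components = []
    current = os.path.abspath(path)
    while True:
        components.append(current)
        parent = os.path.dirname(current)
        if parent == current:          # reached "/"
            break
        current = parent
    problems = []
    for comp in reversed(components):  # check from / down to the target
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        if st.st_uid != 0:
            problems.append((comp, "owner is uid %d, not root" % st.st_uid))
        # With POSIX ACLs on Linux the group bits of st_mode carry the ACL
        # mask, so a write ACL for a named user also shows up as group-write.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((comp, "writable by group or others (mode %o)"
                             % stat.S_IMODE(st.st_mode)))
    return problems

# Constructed sample layout: one clean path and two failing ones.
SAMPLE = {
    "/": FakeStat(0, stat.S_IFDIR | 0o755),
    "/srv": FakeStat(0, stat.S_IFDIR | 0o755),
    "/srv/sftp": FakeStat(0, stat.S_IFDIR | 0o755),
    "/srv/sftp/alice": FakeStat(0, stat.S_IFDIR | 0o775),    # group-writable
    "/srv/sftp/bob": FakeStat(1001, stat.S_IFDIR | 0o755),   # user-owned
}

def sample_stat(path):
    return SAMPLE[path]

if __name__ == "__main__":
    for target in ("/srv/sftp", "/srv/sftp/alice", "/srv/sftp/bob"):
        print(target, chroot_path_problems(target, sample_stat) or "OK")
```

Calling `chroot_path_problems(path)` without `stat_fn` checks the real filesystem.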