internal-sftp: client unable to initialise server with chrooted user

Hi there, 
most probably my bad, but got in a private dead-end with the case. Here
it is:
This is a fresh Gentoo Linux amd64 install, with openssh-5.1_p1-r2
compiled with the following USE flags (.configure options)

[ Legend : Left column (U) - USE flags from make.conf ]
[ : Right column (I) - USE flags packages was installed with ]
[ Found these USE variables for net-misc/openssh-5.1_p1-r2 ]
U I
+ + X : Adds support for X11
- - X509 : Adds support for X.509 certificate authentication
- - hpn : Enable high performance ssh
- - kerberos : Adds kerberos support
- - ldap : Adds LDAP support (Lightweight Directory Access Protocol)
- - libedit : Use the libedit library (replacement for readline)
+ + pam : Adds support PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
- - selinux : !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
- - skey : Enable S/Key (Single use password) authentication support
- - smartcard : Enables smartcard support
- - static : !!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically
+ + tcpd : Adds support for TCP wrappers


The problem is when trying to use sftp in an internal-sftp chroot,
client can not connect. Client - Filezilla - says: Quote:
Fatal: unable to initialise SFTP on server: could not connect.


server /var/log/messages says:

: Accepted password for test from 87.97.48.6 port 12479 ssh2
: WARNING: /etc/ssh/moduli does not exist, using fixed modulus
: Accepted password for test from 87.97.48.6 port 12480 ssh2
: WARNING: /etc/ssh/moduli does not exist, using fixed modulus

etc.

The chrooted user "test" is a member of the sftponly group, its /home is
owned by root:root. It was created as a normal user otherwise. The
sshd_config is this (without lines commented out):

Port 22
Protocol 2
LoginGraceTime 2m
PermitRootLogin yes
MaxAuthTries 6
MaxSessions 8
PasswordAuthentication yes
X11Forwarding yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Subsystem sftp internal-sftp

Match Group sftponly
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Also a Match was created for User; in this case ChrootDirectory was the full
path to the user's homedir.

The case is that if I sftp NOT chrooted, sftp client does not complain
and all is ok.

Help pls!
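
Added example, not part of the original post: sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or others. The sketch below checks that precondition for a path such as the expanded %h; the function names and the `stat_fn` and `owner_uid` parameters are this example's own.

```python
import os
import stat
import sys

def path_components(path):
    """'/home/test' -> ['/', '/home', '/home/test']"""
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    out, cur = ["/"], ""
    for part in os.path.normpath(path).split("/"):
        if part:
            cur += "/" + part
            out.append(cur)
    return out

def audit_chroot(path, stat_fn=os.stat, owner_uid=0):
    """Return a list of findings; an empty list means the path passes."""
    findings = []
    for comp in path_components(path):
        try:
            st = stat_fn(comp)  # stat() follows symlinks
        except OSError as exc:
            findings.append(f"{comp}: cannot stat ({exc.strerror})")
            break
        if not stat.S_ISDIR(st.st_mode):
            findings.append(f"{comp}: not a directory")
        if st.st_uid != owner_uid:
            findings.append(f"{comp}: owned by uid {st.st_uid}, expected {owner_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"{comp}: group/other writable (mode {mode:04o})")
    return findings

if __name__ == "__main__":
    # Usage: python3 audit_chroot.py /home/test  (the user's expanded %h)
    target = sys.argv[1] if len(sys.argv) > 1 else "/"
    results = audit_chroot(target)
    print("\n".join(results) if results else f"{target}: ownership and modes OK")
    sys.exit(1 if results else 0)
```

An empty result only means the ownership and mode precondition holds; it does not check the rest of the sshd configuration.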
