The config
Match Group sftpusers
ChrootDirectory /mnt/RAID1Array/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
#ssh(fs) error: "client_loop: send disconnect: Broken pipe"
lucid comet
If the username is rkarrayuser Then the directory must exist /mnt/RAID1Array/rkarrayuser
It should be something like this
/mnt/RAID1Array/
└── rkarrayuser/
└── files/
# 1. Create the user (without specifying -d or -p)
sudo useradd -m -G sftpusers -s /usr/sbin/nologin rkarrayuser
# 2. Set a proper password
sudo passwd rkarrayuser
# 3. Create the chroot root owned by root
sudo mkdir -p /mnt/RAID1Array/rkarrayuser
sudo chown root:root /mnt/RAID1Array/rkarrayuser
sudo chmod 755 /mnt/RAID1Array/rkarrayuser
# 4. Create a writable subdirectory for the user
sudo mkdir /mnt/RAID1Array/rkarrayuser/uploads
sudo chown rkarrayuser:sftpusers /mnt/RAID1Array/rkarrayuser/uploads
sudo chmod 755 /mnt/RAID1Array/rkarrayuser/uploads
You did restart sshd, right?
Use internal-sftp without PAM shell check, make sure in /etc/ssh/sshd_config you have
Match Group sftpusers
ChrootDirectory /mnt/RAID1Array/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Then, don’t rely on the shell at all. /usr/sbin/nologin is fine if you also add it to /etc/shells.
echo "/usr/sbin/nologin" | sudo tee -a /etc/shells
This tells PAM and SSH that it’s a valid shell for SFTP users. Then restart SSH sudo systemctl restart sshd
lucid comet
# Fix chroot root directory
sudo chown root:root /mnt/RAID1Array/rkarrayuser
sudo chmod 755 /mnt/RAID1Array/rkarrayuser
# Create writable directory inside chroot
sudo mkdir -p /mnt/RAID1Array/rkarrayuser/uploads
# Give user access only to that subdir
sudo chown rkarrayuser:sftpusers /mnt/RAID1Array/rkarrayuser/uploads
sudo chmod 755 /mnt/RAID1Array/rkarrayuser/uploads
Even group write or user write on the chroot root breaks it. ls -ld /mnt/RAID1Array/rkarrayuser?
true lance
sshfs error: "client_loop: send disconnect: Broken pipe"