1

I'm trying to give someone ssh access to a (Ubuntu 14.04) server I've got, but I want to limit them to their own home folder. So I'm trying to follow this tutorial.

I first created a user (sudo adduser jailuser) which made it possible to log in using jailuser. Then, proceeding to jail the user, I added the following to /etc/ssh/sshd_config (and restarted ssh):

Subsystem     sftp   internal-sftp
Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

I then created the group sftp:

sudo groupadd sftp

and ran the following commands to change the jailuser:

sudo usermod -G sftp jailuser
sudo usermod -s /bin/false jailuser
sudo chown root:root /home/jailuser
sudo chmod 0755 /home/jailuser

The result is that I cannot log in anymore: ssh: connect to host xx.xxx.xx.223 port 22: Connection refused.

Since I'm kind of a newbie with server management I'm lost here. Does anybody know what I'm doing wrong? All tips/tricks are welcome!

kramer65

2 Answers

2

I had this issue and the fix was to place "UsePAM yes" above the "Subsystem sftp internal-sftp" stanza. Restart ssh and it worked straight up.

1

I don't see anything obviously wrong with the sshd_config lines that you posted. It seems there are three possibilities here:

  1. Nothing is really wrong, but sshd needs to be started.
  2. sshd is able to run, but it's not listening on the right IP address or port.
  3. Something is preventing sshd from starting.

For all of the following, you'd have to be root on the ssh server host.

For (1), run something like "ps -fe | grep sshd" to see if sshd is running or not. If not, try starting the ssh server. On Ubuntu, you'd run this:

/etc/init.d/ssh restart

If sshd is running, move on to (2). Check sshd_config for the ListenAddress or Port directives. These control which IP address and port the server will listen for connections on. In most cases, you'd leave these commented out (to use the default values) or set them to 0.0.0.0 and 22, respectively.

If you've tried to start sshd and it won't run, then start by checking the log files in /var/log for any messages from sshd. They may indicate what problem it's having. If that doesn't pan out, you can run sshd interactively with debugging:

/usr/sbin/sshd -ddd            # Listen on the default port 22
/usr/sbin/sshd -ddd -p 1022    # Listen on port 1022

sshd will stay connected to your terminal and print a bunch of debugging information. If it can't keep running for some reason, it ought to tell you why.

Kenster
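Added example (not part of either answer): a small shell lint for two sshd_config mistakes that stop sshd from starting after an edit like the one in the question, a second global `Subsystem sftp` line and a global-only keyword such as `UsePAM`, `Port` or `ListenAddress` landing after the `Match` line. The function name, the checked keyword subset and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an sshd_config (file argument or stdin); exit status 1 on findings.
lint_sshd_config() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        key = tolower($1)                    # keywords are case-insensitive
        if (key == "match") { match_at = NR; next }
        # A second global "Subsystem sftp" is rejected as already defined.
        if (!match_at && key == "subsystem" && tolower($2) == "sftp") {
            if (sftp_at) { printf "line %d: Subsystem sftp already defined on line %d\n", NR, sftp_at; bad = 1 }
            if (!sftp_at) sftp_at = NR
        }
        # A Match block runs to the next Match line or end of file, so a
        # global-only keyword placed after it is read as part of the block.
        if (match_at && (key == "usepam" || key == "port" || key == "listenaddress")) {
            printf "line %d: %s is inside the Match block opened on line %d\n", NR, $1, match_at; bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$@"
}
# Constructed sample: duplicate Subsystem line, and UsePAM after the Match block.
sample_bad() {
    cat <<'EOF'
Port 22
Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
UsePAM yes
EOF
}
# Constructed sample: global keywords first, Match block last.
sample_good() {
    cat <<'EOF'
UsePAM yes
Subsystem sftp internal-sftp
Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF
}
sample_bad | lint_sshd_config || true        # prints two findings
sample_good | lint_sshd_config && echo "no findings"
```

The lint covers only these two cases; on the server itself, `sshd -t` (run as root) validates the whole configuration before you restart the service.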