trying to get sftp-only logins to work with public keys

tech-lists tech-lists at zyxst.net
Thu May 24 11:47:13 UTC 2018


On 24/05/2018 12:09, tech-lists wrote:
> Hello list,
> 
> I'm trying to get (chrooted) sftp login working with public keys. I made 
> a sftp-only user which works fine, and is chrooted. I created a .ssh 
> directory with 770 perms (root:user) and put their public key in there 
> with 600 perms (user:user); however, when trying pubkey auth it always 
> falls back to keyboard-interactive (which will succeed when the password 
> is applied). I don't know why in key exchange it says it sent a packet 
> then didn't. Can anyone help please?
> 
> Context is recent freebsd-11-stable, both client and server.
> 
> I have this in /etc/ssh/sshd_config:
> 
> Subsystem sftp internal-sftp
> 
> Match User testsftp
> ChrootDirectory /usr/home/testsftp
> PubkeyAuthentication yes
> X11Forwarding no
> AllowTcpForwarding no
> AuthorizedKeysFile /usr/home/testsftp/.ssh/authorized_keys
> ForceCommand internal-sftp

Solved this by setting perms on .ssh dir to be root:user 750 (and not 
760 or 770). Didn't see this documented anywhere, so posting in the hope 
this helps others.

-- 
J.
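
The permission rule behind this fix, as an added example that is not part of the original post: with StrictModes enabled (the default, assumed here), sshd ignores an authorized_keys file if the file, or any directory between it and the user's home directory, is writable by group or other, or is owned by someone other than root or the user. The function names and the temporary home/.ssh tree below are constructed for illustration.

```python
import os
import stat
import tempfile

def strictmodes_problems(keys_file, home, uid):
    """List the reasons sshd (StrictModes yes) would ignore keys_file.

    The file and every directory from it up to and including `home` must be
    owned by root or `uid` and must not be group- or world-writable.
    """
    problems = []
    path, home = os.path.abspath(keys_file), os.path.abspath(home)
    is_file = True
    while True:
        try:
            st = os.stat(path)
        except OSError as exc:
            problems.append(f"{path}: {exc.strerror}")
            break
        mode = stat.S_IMODE(st.st_mode)
        if is_file and not stat.S_ISREG(st.st_mode):
            problems.append(f"{path}: not a regular file")
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: owned by uid {st.st_uid}")
        if mode & 0o022:
            problems.append(f"{path}: mode {mode:o} is group/world-writable")
        # Stop once the home directory (or the filesystem root) is checked.
        if path == home or path == os.path.dirname(path):
            break
        path, is_file = os.path.dirname(path), False
    return problems

def demo(ssh_dir_mode):
    """Build a constructed home/.ssh/authorized_keys tree and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "testsftp")
        ssh_dir = os.path.join(home, ".ssh")
        os.makedirs(ssh_dir)
        keys = os.path.join(ssh_dir, "authorized_keys")
        with open(keys, "w") as fh:
            fh.write("ssh-ed25519 AAAA-constructed-sample-key user@example\n")
        os.chmod(keys, 0o600)
        os.chmod(home, 0o755)
        os.chmod(ssh_dir, ssh_dir_mode)
        return strictmodes_problems(keys, home, os.getuid())

if __name__ == "__main__":
    for m in (0o770, 0o760, 0o750):  # the three modes named in the post
        print(f"{m:o}:", demo(m) or "ok")
```

On a real server, call `strictmodes_problems("/usr/home/testsftp/.ssh/authorized_keys", "/usr/home/testsftp", uid)` with the account's numeric uid.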



More information about the freebsd-stable mailing list