SFTP authentication failing The Next CEO of Stack Overflowset up a chrooted SFTP login with OpenSSHCan't get Passwordless (SSH provided) SFTP workingCreating multiple SFTP users for one accountSecure SFTP Configuration that Allows SFTP User Write Accesschroot SFTP to another users subdirectoryHow can I setup ProFTP and SSHD_config to FTP and SFTP to the same directory on Ubuntu 12.04?Issue with SSH on RHEL while monitoring logs from SpectorSoft Server ManagerSFTP to a server is failing sometimessshd_config how to allow one user to have full unrestricted sftp and allow sshbad ownership or modes for chroot directory “/var/www”

Would a galaxy be visible from outside, but nearby?

How does the mv command work with external drives?

If the heap is initialized for security, then why is the stack uninitialized?

Preparing Indesign booklet with .psd graphics for print

Complex fractions

Why didn't Khan get resurrected in the Genesis Explosion?

Contours of a clandestine nature

Is it professional to write unrelated content in an almost-empty email?

Why do we use the plural of movies in this phrase "We went to the movies last night."?

Is it my responsibility to learn a new technology in my own time my employer wants to implement?

What is ( CFMCC ) on ILS approach chart?

Why do professional authors make "consistency" mistakes? And how to avoid them?

In excess I'm lethal

How to transpose the 1st and -1th levels of arbitrarily nested array?

Why do remote companies require working in the US?

Why does the UK parliament need a vote on the political declaration?

Why does standard notation not preserve intervals (visually)

What's the best way to handle refactoring a big file?

Return the Closest Prime Number

Why is the US ranked as #45 in Press Freedom ratings, despite its extremely permissive free speech laws?

Workaholic Formal/Informal

A "random" question: usage of "random" as adjective in Spanish

Written every which way

Novel about a guy who is possessed by the divine essence and the world ends?



SFTP authentication failing



The Next CEO of Stack Overflowset up a chrooted SFTP login with OpenSSHCan't get Passwordless (SSH provided) SFTP workingCreating multiple SFTP users for one accountSecure SFTP Configuration that Allows SFTP User Write Accesschroot SFTP to another users subdirectoryHow can I setup ProFTP and SSHD_config to FTP and SFTP to the same directory on Ubuntu 12.04?Issue with SSH on RHEL while monitoring logs from SpectorSoft Server ManagerSFTP to a server is failing sometimessshd_config how to allow one user to have full unrestricted sftp and allow sshbad ownership or modes for chroot directory “/var/www”










0















I am trying to setup sftp access for our customers to download or upload files. While trying to setup the directory permissions and user access I keep getting errors as such.



server1 sshd[21760]: Accepted password for user01 from 192.168.1.118 port 51026 ssh2
server1 sshd[21760]: pam_unix(sshd:session): session opened for user user01 by (uid=0)
server1 sshd[21775]: fatal: bad ownership or modes for chroot directory "/home/user01"
server1 sshd[21760]: pam_unix(sshd:session): session closed for user user01


I have the following setup in the sshd_config file:



Match Group sftp_users
ChrootDirectory %h
ForceCommand internal-sftp


Folder/file permissions show as this:



drwxr-xr-x 4 user01 sftp_users 4096 Mar 28 09:26 /home/user01


I have a mounted drive as such:



//windowserver/ftproot/customers/user01 on /home/user01 type cifs (rw)


What I am failing to understand/determine is if the user "user01" has read/write access to it's own home directory on the local machine, but when using ssh/sftp the error of "bad ownership/modes" is returned. Is it because the session for user01 is opened by uid=0? In this case the uid for user01 is 502, while the uid for root is 0.



If additional information is needed from what I have given here, please let me know and I'll post that info.






ssh samba fedora sftp







share|improve this question







New contributor




Andrew is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • I forgot to include that if I comment out the ChrootDirectory parameter in sshd_config file that user01 is then able to connect via sftp but has full access to the server file structure (not at all ideal). That's why I'm using Chroot Directory to limit access to just the user's home directory.

    – Andrew
    yesterday











  • Have you seen this post? askubuntu.com/questions/134425/…

    – Joffrey
    yesterday











  • Thank you for this post, this (as well as another answer) helped me complete the configuration to meet the read/write access our customers will need.

    – Andrew
    6 hours ago











  • Hi Andrew, please consider removing your question or write an answer with your findings. This will help improve the quality of the content on ServerFault!

    – Joffrey
    4 hours ago
















0















I am trying to setup sftp access for our customers to download or upload files. While trying to setup the directory permissions and user access I keep getting errors as such.



server1 sshd[21760]: Accepted password for user01 from 192.168.1.118 port 51026 ssh2
server1 sshd[21760]: pam_unix(sshd:session): session opened for user user01 by (uid=0)
server1 sshd[21775]: fatal: bad ownership or modes for chroot directory "/home/user01"
server1 sshd[21760]: pam_unix(sshd:session): session closed for user user01


I have the following setup in the sshd_config file:



Match Group sftp_users
ChrootDirectory %h
ForceCommand internal-sftp


Folder/file permissions show as this:



drwxr-xr-x 4 user01 sftp_users 4096 Mar 28 09:26 /home/user01


I have a mounted drive as such:



//windowserver/ftproot/customers/user01 on /home/user01 type cifs (rw)


What I am failing to understand/determine is if the user "user01" has read/write access to it's own home directory on the local machine, but when using ssh/sftp the error of "bad ownership/modes" is returned. Is it because the session for user01 is opened by uid=0? In this case the uid for user01 is 502, while the uid for root is 0.



If additional information is needed from what I have given here, please let me know and I'll post that info.






ssh samba fedora sftp







share|improve this question







New contributor




Andrew is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • I forgot to include that if I comment out the ChrootDirectory parameter in sshd_config file that user01 is then able to connect via sftp but has full access to the server file structure (not at all ideal). That's why I'm using Chroot Directory to limit access to just the user's home directory.

    – Andrew
    yesterday











  • Have you seen this post? askubuntu.com/questions/134425/…

    – Joffrey
    yesterday











  • Thank you for this post, this (as well as another answer) helped me complete the configuration to meet the read/write access our customers will need.

    – Andrew
    6 hours ago











  • Hi Andrew, please consider removing your question or write an answer with your findings. This will help improve the quality of the content on ServerFault!

    – Joffrey
    4 hours ago














0












0








0








I am trying to setup sftp access for our customers to download or upload files. While trying to setup the directory permissions and user access I keep getting errors as such.



server1 sshd[21760]: Accepted password for user01 from 192.168.1.118 port 51026 ssh2
server1 sshd[21760]: pam_unix(sshd:session): session opened for user user01 by (uid=0)
server1 sshd[21775]: fatal: bad ownership or modes for chroot directory "/home/user01"
server1 sshd[21760]: pam_unix(sshd:session): session closed for user user01


I have the following setup in the sshd_config file:



Match Group sftp_users
ChrootDirectory %h
ForceCommand internal-sftp


Folder/file permissions show as this:



drwxr-xr-x 4 user01 sftp_users 4096 Mar 28 09:26 /home/user01


I have a mounted drive as such:



//windowserver/ftproot/customers/user01 on /home/user01 type cifs (rw)


What I am failing to understand/determine is if the user "user01" has read/write access to it's own home directory on the local machine, but when using ssh/sftp the error of "bad ownership/modes" is returned. Is it because the session for user01 is opened by uid=0? In this case the uid for user01 is 502, while the uid for root is 0.



If additional information is needed from what I have given here, please let me know and I'll post that info.






ssh samba fedora sftp







share|improve this question







New contributor




Andrew is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I am trying to setup sftp access for our customers to download or upload files. While trying to setup the directory permissions and user access I keep getting errors as such.



server1 sshd[21760]: Accepted password for user01 from 192.168.1.118 port 51026 ssh2
server1 sshd[21760]: pam_unix(sshd:session): session opened for user user01 by (uid=0)
server1 sshd[21775]: fatal: bad ownership or modes for chroot directory "/home/user01"
server1 sshd[21760]: pam_unix(sshd:session): session closed for user user01


I have the following setup in the sshd_config file:



Match Group sftp_users
ChrootDirectory %h
ForceCommand internal-sftp


Folder/file permissions show as this:



drwxr-xr-x 4 user01 sftp_users 4096 Mar 28 09:26 /home/user01


I have a mounted drive as such:



//windowserver/ftproot/customers/user01 on /home/user01 type cifs (rw)


What I am failing to understand/determine is if the user "user01" has read/write access to it's own home directory on the local machine, but when using ssh/sftp the error of "bad ownership/modes" is returned. Is it because the session for user01 is opened by uid=0? In this case the uid for user01 is 502, while the uid for root is 0.



If additional information is needed from what I have given here, please let me know and I'll post that info.






ssh samba fedora sftp




ssh samba fedora sftp






share|improve this question







New contributor




Andrew is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




Andrew is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




Andrew is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked yesterday









AndrewAndrew

1




1




New contributor




Andrew is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Andrew is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Andrew is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • I forgot to include that if I comment out the ChrootDirectory parameter in sshd_config file that user01 is then able to connect via sftp but has full access to the server file structure (not at all ideal). That's why I'm using Chroot Directory to limit access to just the user's home directory.

    – Andrew
    yesterday











  • Have you seen this post? askubuntu.com/questions/134425/…

    – Joffrey
    yesterday











  • Thank you for this post, this (as well as another answer) helped me complete the configuration to meet the read/write access our customers will need.

    – Andrew
    6 hours ago











  • Hi Andrew, please consider removing your question or write an answer with your findings. This will help improve the quality of the content on ServerFault!

    – Joffrey
    4 hours ago


















  • I forgot to include that if I comment out the ChrootDirectory parameter in sshd_config file that user01 is then able to connect via sftp but has full access to the server file structure (not at all ideal). That's why I'm using Chroot Directory to limit access to just the user's home directory.

    – Andrew
    yesterday











  • Have you seen this post? askubuntu.com/questions/134425/…

    – Joffrey
    yesterday











  • Thank you for this post, this (as well as another answer) helped me complete the configuration to meet the read/write access our customers will need.

    – Andrew
    6 hours ago











  • Hi Andrew, please consider removing your question or write an answer with your findings. This will help improve the quality of the content on ServerFault!

    – Joffrey
    4 hours ago

















I forgot to include that if I comment out the ChrootDirectory parameter in sshd_config file that user01 is then able to connect via sftp but has full access to the server file structure (not at all ideal). That's why I'm using Chroot Directory to limit access to just the user's home directory.

– Andrew
yesterday





I forgot to include that if I comment out the ChrootDirectory parameter in sshd_config file that user01 is then able to connect via sftp but has full access to the server file structure (not at all ideal). That's why I'm using Chroot Directory to limit access to just the user's home directory.

– Andrew
yesterday













Have you seen this post? askubuntu.com/questions/134425/…

– Joffrey
yesterday





Have you seen this post? askubuntu.com/questions/134425/…

– Joffrey
yesterday













Thank you for this post, this (as well as another answer) helped me complete the configuration to meet the read/write access our customers will need.

– Andrew
6 hours ago





Thank you for this post, this (as well as another answer) helped me complete the configuration to meet the read/write access our customers will need.

– Andrew
6 hours ago













Hi Andrew, please consider removing your question or write an answer with your findings. This will help improve the quality of the content on ServerFault!

– Joffrey
4 hours ago






Hi Andrew, please consider removing your question or write an answer with your findings. This will help improve the quality of the content on ServerFault!

– Joffrey
4 hours ago











1 Answer
1






active

oldest

votes


















0














Chroot directory should be the parent of the target so in this case /home



ChrootDirectory /home





share|improve this answer








New contributor




Koffee is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "2"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );






    Andrew is a new contributor. Be nice, and check out our Code of Conduct.









    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960476%2fsftp-authentication-failing%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Chroot directory should be the parent of the target so in this case /home



    ChrootDirectory /home





    share|improve this answer








    New contributor




    Koffee is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.
























      0














      Chroot directory should be the parent of the target so in this case /home



      ChrootDirectory /home





      share|improve this answer








      New contributor




      Koffee is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






















        0












        0








        0







        Chroot directory should be the parent of the target so in this case /home



        ChrootDirectory /home





        share|improve this answer








        New contributor




        Koffee is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.










        Chroot directory should be the parent of the target so in this case /home



        ChrootDirectory /home






        share|improve this answer








        New contributor




        Koffee is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        share|improve this answer



        share|improve this answer






        New contributor




        Koffee is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.









        answered yesterday









        KoffeeKoffee

        14




        14




        New contributor




        Koffee is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.





        New contributor





        Koffee is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.






        Koffee is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
        Check out our Code of Conduct.




















            Andrew is a new contributor. Be nice, and check out our Code of Conduct.









            draft saved

            draft discarded


















            Andrew is a new contributor. Be nice, and check out our Code of Conduct.












            Andrew is a new contributor. Be nice, and check out our Code of Conduct.











            Andrew is a new contributor. Be nice, and check out our Code of Conduct.














            Thanks for contributing an answer to Server Fault!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960476%2fsftp-authentication-failing%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to write a 12-bar blues melodyI-IV-V blues progressionHow to play the bridges in a standard blues progressionHow does Gdim7 fit in C# minor?question on a certain chord progressionMusicology of Melody12 bar blues, spread rhythm: alternative to 6th chord to avoid finger stretchChord progressions/ Root key/ MelodiesHow to put chords (POP-EDM) under a given lead vocal melody (starting from a good knowledge in music theory)Are there “rules” for improvising with the minor pentatonic scale over 12-bar shuffle?Confusion about blues scale and chords

            Image
            Why is a set not a partition of itself? Would an 8% reduction in drag outweigh the weight addition from this custom CFD-tested winglet? Labeling matrices/rectangles and drawing Sigma inside rectangle Unexpected Netflix account registered to my Gmail address - any way it could be a hack attempt? 51% attack - apparently very easy? refering to CZ's "rollback btc chain" - How to make sure such corruptible scenario can never happen so easily? Missouri raptors have wild hairdos Can someone explain homicide-related death rates? Why is tomato paste so cheap? What are the implications of the new alleged key recovery attack preprint on SIMON? Effects of ~10atm pressure on engine design Is taking modulus on both sides of an equation valid? Jumping frame contents with beamer and pgfplots Are there any established rules for splitting books into parts, chapters, sections etc? Anatomically Correct Carnivorous Tree Why do I get two different answers when solvi...
            Read more

            What if the end-user didn't have the required library?What is setup.py?What is a clean, pythonic way to have multiple constructors in Python?What does Ruby have that Python doesn't, and vice versa?What is the reason for having '//' in Python?How do I create a namespace package in Python?How to package shared objects that python modules depend on?setuptools vs. distutils: why is distutils still a thing?Navigation in Windows 10 vs code not going to virtualenv library when the same library is installed at user levelPython create package for local usePackaging a project that uses multiple python versionsWhy is permission denied on pip install except for when “--user” is included at end of command?

            Image
            Can a tourist shoot a gun in the USA? Will a coyote attack my dog on a leash while I'm on a hiking trail? Labeling matrices/rectangles and drawing Sigma inside rectangle How can I answer high-school writing prompts without sounding weird and fake? Is there ever any indication in the MCU as to how Spider-Man got his powers? Jumping frame contents with beamer and pgfplots Would an 8% reduction in drag outweigh the weight addition from this custom CFD-tested winglet? Is it possible to create different colors in rocket exhaust? German characters on US-International keyboard layout Does gravity affect the time evolution of a QM wave function? 51% attack - apparently very easy? refering to CZ's "rollback btc chain" - How to make sure such corruptible scenario can never happen so easily? Why are solar panels kept tilted? Is Germany still exporting arms to countries involved in Yemen? Unexpected Netflix account registered to my Gmail address - any wa...
            Read more

            Esgonzo ibérico Índice Descrición Distribución Hábitat Ameazas Notas Véxase tamén "Acerca dos nomes dos anfibios e réptiles galegos""Chalcides bedriagai"Chalcides bedriagai en Carrascal, L. M. Salvador, A. (Eds). Enciclopedia virtual de los vertebrados españoles. Museo Nacional de Ciencias Naturales, Madrid. España.Fotos

            Image
            escíncidospenínsula Ibéricaesgonzo comúnJacques von Bedriagaesgonzo comúndimorfismo sexualovovivíparaendémicaPenínsula IbéricaCordilleira CantábricaAsturiasPaís VascoGaliciaRías BaixasMurosCarnotaillas CíesOnsAtlánticoIllas CíesIlla de Onsilla do PesegueiroIlla de Sancti PetriMediterráneoMar MenorIlla de TabarcaGaliciaCantabriaBurgossolosdestrución do hábitatIUCN Abrir o menú principal Procurar Esgonzo ibérico Ler noutra lingua Vixiar esta páxina Editar function mfTempOpenSection(id)var block=document.getElementById("mf-section-"+id);block.className+=" open-block";block.previousSibling.className+=" open-block"; Esgonzo ibérico Estado de conservación Case ameazada Clasificaci...
            Read more