Date: Thu, 24 May 2018 12:47:09 +0100
From: tech-lists <tech-lists@zyxst.net>
To: freebsd-questions@freebsd.org
Cc: freebsd-stable@freebsd.org
Subject: Re: trying to get sftp-only logins to work with a public keys
Message-ID: <c6ee6cc8-3473-c267-bce1-135e5163aafb@zyxst.net>
In-Reply-To: <cf258d06-919e-9bcd-6d85-d68cea358fde@zyxst.net>
References: <cf258d06-919e-9bcd-6d85-d68cea358fde@zyxst.net>

On 24/05/2018 12:09, tech-lists wrote:
> Hello list,
>
> I'm trying to get (chrooted) sftp login working with public keys. I made
> a sftp-only user which works fine, and is chrooted. I created a .ssh
> directory with 770 perms (root:user) and put their public key in there
> with 600 perms (user:user) however when trying pubkey auth it always
> falls back to keyboard-interactive (which will succeed when the password
> is applied). I don't know why in key exchange it says it sent a packet
> then didn't. Can anyone help please?
>
> Context is recent freebsd-11-stable, both client and server.
>
> I have this in /etc/ssh/sshd_config:
>
> Subsystem sftp internal-sftp
>
> Match User testsftp
> ChrootDirectory /usr/home/testsftp
> PubkeyAuthentication yes
> X11Forwarding no
> AllowTcpForwarding no
> AuthorizedKeysFile /usr/home/testsftp/.ssh/authorized_keys
> ForceCommand internal-sftp

Solved this by setting perms on .ssh dir to be root:user 750 (and not
760 or 770). Didn't see this documented anywhere, so posting in the hope
this helps others.

--
J.
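An added example, not part of the original message: the 750-versus-770 result is consistent with OpenSSH's StrictModes path check, which requires the authorized_keys file and each directory from it up to the user's home to be owned by root or the user and to have no group or other write bit. The Python sketch below models that rule; it assumes StrictModes is left at its default of yes, and the function names and the temporary demo tree (owned by whoever runs it) are constructed for illustration.

```python
import os
import stat
import tempfile


def strictmodes_problems(keys_path, home, uid):
    """List the reasons a StrictModes-style check would reject keys_path.

    Rule modeled here: the keys file and every directory from it up to and
    including `home` must be owned by root or `uid`, with no group/other
    write bit set (mode & 022 == 0).
    """
    path = os.path.realpath(keys_path)
    home = os.path.realpath(home)
    problems = []
    if not stat.S_ISREG(os.stat(path).st_mode):
        problems.append(f"{path}: not a regular file")
    while True:
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: owner uid {st.st_uid} is not root or {uid}")
        if mode & 0o022:
            problems.append(f"{path}: mode {mode:04o} is group- or world-writable")
        if path in (home, "/"):  # home itself is checked, then the walk stops
            break
        path = os.path.dirname(path)
    return problems


def demo():
    """Build a constructed home/.ssh/authorized_keys tree and try three modes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "testsftp")
        ssh_dir = os.path.join(home, ".ssh")
        keys = os.path.join(ssh_dir, "authorized_keys")
        os.makedirs(ssh_dir)
        with open(keys, "w") as fh:
            fh.write("ssh-ed25519 AAAA...constructed-placeholder-key testsftp\n")
        os.chmod(home, 0o755)
        os.chmod(keys, 0o600)
        for mode in (0o770, 0o760, 0o750):  # the three modes from the thread
            os.chmod(ssh_dir, mode)
            results[mode] = strictmodes_problems(keys, home, os.getuid())
    return results


if __name__ == "__main__":
    for mode, problems in demo().items():
        print(f".ssh {mode:04o}:", problems or "ok")
```

On a real server, point `strictmodes_problems` at the path named in AuthorizedKeysFile with the account's home directory and uid; when this check fails, sshd records a "bad ownership or modes" message in its auth log.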