sftp chroot with pubkey authentication broken?



I am trying to set up a chrooted sftp server with the built-in
ChrootDirectory directive using OpenSSH 5.1.

So my /etc/ssh/sshd_config looks like this:

Match Group sftponly
    ChrootDirectory /home/sftponly/%u
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no

In the /etc/passwd the users have their home directory set to "/home"
only. Then I created the directories in the filesystem as


Where /home/sftponly/user1 is owned by root and the home below is owned
by the user.

Everything works fine with plain password authentication, but when using
the public key authentication, sshd is searching for the authorized_keys
file in the wrong place:

I expected that sshd looks for the "authorized_keys" file in the
/home/sftponly/user1/home/.ssh directory. But unfortunately it seems to
ignore the chroot directive for this and searches for the file outside
the chroot environment, only taking into account the user's home
directory. In my case, it was /home/.ssh.

Is this behaviour intended or is it just broken?

I don't see any way to configure this in a reasonable way. Yes, I could
put the same path in the passwd, but then the full path of the user's
home directory would end up with something like this:


The .ssh directory would then be placed as this:


Not very nice. Do you have any idea how to work around this?
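The lookup described in the post, as an added example that is not part of the original post: a small model of the %u, %h and %% token expansion that sshd_config(5) documents for AuthorizedKeysFile and ChrootDirectory, run with the post's values (user1, passwd home "/home"). The function names are hypothetical, and the absolute AuthorizedKeysFile pattern in the second case is a constructed alternative setting, not something the poster used.

```python
import posixpath


def expand_tokens(template, user, home):
    """Expand %u (user name), %h (passwd home) and %% (literal %)."""
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            token = template[i + 1]
            if token not in ("u", "h", "%"):
                raise ValueError("unsupported token %" + token)
            out.append({"u": user, "h": home, "%": "%"}[token])
            i += 2
            continue
        out.append(template[i])
        i += 1
    return "".join(out)


def authorized_keys_path(pattern, user, home):
    """Resolve AuthorizedKeysFile; a relative result is taken from the passwd home."""
    path = expand_tokens(pattern, user, home)
    if not posixpath.isabs(path):
        path = posixpath.join(home, path)
    return posixpath.normpath(path)


def path_inside_chroot(path, chroot):
    """Return the path as seen from inside the chroot, or None if it lies outside."""
    chroot = posixpath.normpath(chroot)
    if path.startswith(chroot + "/"):
        return "/" + path[len(chroot):].lstrip("/")
    return None


# Values taken from the post.
USER, HOME = "user1", "/home"
CHROOT = expand_tokens("/home/sftponly/%u", USER, HOME)

# Default-style relative pattern: resolved against the passwd home on the real
# filesystem, so the file is looked up outside the chroot, as the post observed.
DEFAULT_KEYS = authorized_keys_path(".ssh/authorized_keys", USER, HOME)

# Constructed alternative: an absolute pattern with %u that names the real
# location of the key file under the chroot tree.
ABSOLUTE_KEYS = authorized_keys_path(
    "/home/sftponly/%u/home/.ssh/authorized_keys", USER, HOME)

if __name__ == "__main__":
    for label, p in (("default", DEFAULT_KEYS), ("absolute", ABSOLUTE_KEYS)):
        print(label, p, "-> in chroot:", path_inside_chroot(p, CHROOT))
```

The second case resolves to a file that the chrooted session sees as /home/.ssh/authorized_keys, which is the location the poster expected sshd to read.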

