Win32-OpenSSH
OpenSSH CHROOT for Windows 12 - Restrict SFTP to specific folder does not work
I have a portable OpenSSH setup, and the services for sshd and agent are configured from the OpenSSH folder (C:\OpenSSH-Win64). Also, we have changed the default port and it is working fine.
I have referred to the earlier post https://github.com/PowerShell/Win32-OpenSSH/issues/190 about setting CHROOT, but the user is redirected to its home directory, i.e. "/C:/Users/testuser" (username = "testuser"), instead of the mentioned ChrootDirectory.
Below is the configuration of my sshd_config_default file:
```
ForceCommand internal-sftp
Match User testuser
Subsystem sftp sftp-server.exe -d "/E:/SHARED_LOCATION/ABC"
ChrootDirectory /E:/SHARED_LOCATION/ABC
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
AllowUsers testuser
```
Please let me know if I am missing anything.
Permissions for E:\SHARED_LOCATION are Read & Execute
Also, is it possible to have 2 different users or groups have different ChrootDirectory settings in ssh_config_default?
Why does your `sshd_config` file look so "weird"?
- The order of commands is totally different from default...
- You use both `ForceCommand internal-sftp` and `Subsystem sftp sftp-server.exe`, which is most likely wrong.
- You put the `Match User testuser` in between when it should be somewhere last in that file.
- You say you use `sshd_config_default` which is not a recognized filename AFAIK.
Even after changing the settings as below, it is not redirecting to the proper folder (E:\SHARED_LOCATION\ABC)
```
AllowAgentForwarding no
PermitTunnel no
#AllowTcpForwarding no
#X11Forwarding no
#AllowUsers testuser
ForceCommand internal-sftp
#Match User testuser
ChrootDirectory /E:/SHARED_LOCATION/ABC
AllowTcpForwarding no
PermitTTY no
X11Forwarding no
Match User testuser
```
I have the same issue as @karn2020 mentioned here
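
Added example, not part of any comment in this thread and not Win32-OpenSSH code: a small Python parser that shows which directives in the two configs posted above land in global scope and which land under `Match User testuser`, using the sshd_config rule that a Match block runs until the next Match line or the end of the file. The helper names `scopes` and `empty_matches` are hypothetical; the config text is copied from the thread as it appears.

```python
# Added example: where each directive of the two posted configs is scoped.
# Config text is copied from the thread; nothing here starts or contacts sshd.
CONFIG_FIRST = """\
ForceCommand internal-sftp
Match User testuser
Subsystem sftp sftp-server.exe -d "/E:/SHARED_LOCATION/ABC"
ChrootDirectory /E:/SHARED_LOCATION/ABC
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
AllowUsers testuser
"""
CONFIG_SECOND = """\
AllowAgentForwarding no
PermitTunnel no
#AllowTcpForwarding no
#X11Forwarding no
#AllowUsers testuser
ForceCommand internal-sftp
#Match User testuser
ChrootDirectory /E:/SHARED_LOCATION/ABC
AllowTcpForwarding no
PermitTTY no
X11Forwarding no
Match User testuser
"""

def scopes(text):
    """Return [(scope, [keywords])]; scope is 'global' or the full Match line."""
    blocks = [("global", [])]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives have no effect
        keyword, *rest = line.split(None, 1)
        if keyword.lower() == "match":
            blocks.append(("Match " + " ".join(rest), []))  # opens a new scope
        else:
            blocks[-1][1].append(keyword)  # belongs to the most recent scope
    return blocks

def empty_matches(text):
    """Match lines with no directive beneath them, i.e. blocks that change nothing."""
    return [scope for scope, kws in scopes(text)[1:] if not kws]

if __name__ == "__main__":
    for name, cfg in (("first", CONFIG_FIRST), ("second", CONFIG_SECOND)):
        print(name, scopes(cfg), "empty Match:", empty_matches(cfg))
```

In the second config the parser reports `ChrootDirectory` and `ForceCommand` in global scope and a trailing `Match User testuser` with nothing under it. Separate Match blocks, each followed by its own `ChrootDirectory`, are how sshd_config scopes different settings to different users or groups.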