
Windows OpenSSH SFTP chroot directory user match not working

Open zveroboy152 opened this issue 2 years ago • 8 comments

Troubleshooting steps https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps

Terminal issue? please go through wiki https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH

Please answer the following


Client OperatingSystem Windows 10 21H2 Enterprise running winSCP

What is failing Matcher User w/ Chroot flag:

Match User tyler.lindberg
	#AllowTcpForwarding no
	ChrootDirectory F:\SFTP-Root\SystemOps
	#ForceCommand internal-sftp

Expected output Land user's matched chroot:

Match User tyler.lindberg
	#AllowTcpForwarding no
	ChrootDirectory F:\SFTP-Root\SystemOps
	#ForceCommand internal-sftp

Actual output

It lands the user in their home directory instead

zveroboy152 • May 20 '22 20:05

What is the version of the OpenSSH client and the server?

vthiebaut10 • May 26 '22 20:05

Both versions are: 8.9.1.0

I also cannot get SFTP to work.

Try to install OpenSSH-x64-v8.9.1.0.msi (either 32bit or 64) and try to SFTP to it, it does not work.

zveroboy152 • Jun 01 '22 00:06

I've tried version 8.9.0.0 and 8.9.1.0 and neither one is starting the OpenSSH service when I use Subsystem with the parameter "-d "C:\FTP"". As a workaround I've installed 8.6.0.0, which has no problem starting the server with this configuration.

Here is my conf:

Subsystem	sftp	sftp-server.exe -d "C:\FTP\"
Match User XXX\test
	ChrootDirectory C:\FTP\tmp2					   
	AuthenticationMethods password
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

The server OS is Windows Server 2022 Datacenter Azure Edition. The client OS is Windows 11 Enterprise, with the latest updates, using WinSCP 5.21.

isandulache • Jun 20 '22 10:06

Hi @isandulache ,

I was able to get my service to start too, but using a configuration super close to yours, it will only drop the matched user into the "F:\SFTP-Root", not the chroot directory: "F:\SFTP-Root\SystemOps"

Config:

# override default of no subsystems
Subsystem sftp sftp-server.exe -d "F:\SFTP-Root"

match User domain\first.last
	ChrootDirectory F:\SFTP-Root\SystemOps
	AuthenticationMethods password
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

zveroboy152 • Jun 21 '22 23:06

Closing since this doesn't work, and won't work ever it seems. :-(

zveroboy152 • Aug 07 '22 00:08

@zveroboy152 Sorry about the delay to respond. I didn't see that the issue was updated. I will re-open the issue and investigate it further.

vthiebaut10 • Aug 08 '22 15:08

I happen to be looking for a solution to this problem too!

I used log debug3 and saw the message that sftp-server.exe cannot be found in C:\Windows\System32. I manually copied sftp-server.exe to C:\Windows\System32 and restarted the OpenSSH service; after that you can use SFTP mode.

Hope this helps.

godown70 • Oct 04 '22 14:10

This worked for me.

Subsystem sftp sftp-server.exe -d "C:\Call Center"
Match User sftplnig
	ChrootDirectory "C:\Call Center"
	AuthenticationMethods password
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

algorithmcorp • Apr 26 '23 13:04
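
As a triage aid for configurations like the ones posted in this thread, the following added example (not part of the thread and not Win32-OpenSSH code) parses sshd_config text and reports, for each Match block that sets ChrootDirectory, which command would serve SFTP and any -d start directory it carries. The function names and the simplified parsing are assumptions of this example; the sample is constructed from directives posted above.

```python
import re

# Constructed sample: directives taken from the configurations posted in this thread.
SAMPLE = r'''
# override default of no subsystems
Subsystem sftp sftp-server.exe -d "F:\SFTP-Root"

Match User tyler.lindberg
#AllowTcpForwarding no
ChrootDirectory F:\SFTP-Root\SystemOps
#ForceCommand internal-sftp
'''

def parse(text):
    """Split sshd_config text into global directives and Match blocks."""
    glob, blocks = {}, []
    cur = glob
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):    # commented directives are inactive
            continue
        parts = line.split(None, 1)
        key, rest = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":                      # a block runs to the next Match or EOF
            cur = {}
            blocks.append((rest, cur))
            continue
        sub = rest.split(None, 1)
        if key == "subsystem" and len(sub) == 2:  # key each subsystem by its name
            key, rest = "subsystem " + sub[0].lower(), sub[1]
        cur.setdefault(key, rest)               # first value seen for a keyword wins
    return glob, blocks

def sftp_view(text):
    """For each Match block with ChrootDirectory, report what serves SFTP."""
    glob, blocks = parse(text)
    out = []
    for criteria, d in blocks:
        if "chrootdirectory" not in d:
            continue
        cmd = (d.get("forcecommand") or glob.get("forcecommand")
               or glob.get("subsystem sftp", ""))
        m = re.search(r'(?:^|\s)-d\s+(?:"([^"]*)"|(\S+))', cmd)
        out.append({"match": criteria, "chroot": d["chrootdirectory"].strip('"'),
                    "command": cmd, "in_process": cmd.split()[:1] == ["internal-sftp"],
                    "start_dir": (m.group(1) or m.group(2)) if m else None})
    return out

if __name__ == "__main__":
    for row in sftp_view(SAMPLE):
        print(row)
```

In the sample the commented ForceCommand line is inactive, so the report shows the external sftp-server.exe from the Subsystem line with start directory F:\SFTP-Root next to a ChrootDirectory of F:\SFTP-Root\SystemOps.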