User talk:Trustin

From ArchWiki
Latest comment: 28 November 2017 by Trustin in topic SFTP chroot

SFTP chroot

Thanks for the edits to SFTP chroot. Please don't use echo; write the full edited file instead.

It works fine here without the edits though, could you tell me more about your setup? Did you run sshd -d?

Francoism (talk) 07:59, 27 November 2017 (UTC)

Thanks for your feedback. It was my first contribution to this wiki and I appreciate your advice.

Without adding /usr/bin/nologin to /etc/shells, I kept getting a 'permission denied' error when attempting to log in using the sftp command. journalctl shows:

 Nov 27 09:18:00 porori sshd[30899]: Failed password for guest from 127.0.0.1 port 30966 ssh2

I just run sshd with the usual systemd configuration, i.e. systemctl enable sshd.service

Here are some of the files in /etc/pam.d/ which may be relevant:

 [root@porori pam.d]# cat sshd
 #%PAM-1.0
 #auth     required  pam_securetty.so     #disable remote root
 auth      include   system-remote-login
 account   include   system-remote-login
 password  include   system-remote-login
 session   include   system-remote-login
 [root@porori pam.d]# cat system-remote-login
 #%PAM-1.0
 
 auth      include   system-login
 account   include   system-login
 password  include   system-login
 session   include   system-login
 [root@porori pam.d]# cat system-login
 #%PAM-1.0
 
 auth       required   pam_tally.so         onerr=succeed file=/var/log/faillog
 auth       required   pam_shells.so
 auth       requisite  pam_nologin.so
 auth       include    system-auth
 
 account    required   pam_access.so
 account    required   pam_nologin.so
 account    include    system-auth
 
 password   include    system-auth
 
 session    optional   pam_loginuid.so
 session    optional   pam_keyinit.so       force revoke
 session    include    system-auth
 session    optional   pam_motd.so          motd=/etc/motd
 session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
 -session   optional   pam_systemd.so
 session    required   pam_env.so

Trustin (talk) 13:29, 28 November 2017 (UTC)
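Added example, not part of either comment above and not ArchWiki or PAM code: a small check that flattens the sshd auth stack quoted in this thread to see whether pam_shells.so is in it, then lists accounts whose login shell is missing from the shells file. The system-auth body, the passwd entries (including guest's home directory) and the shells contents are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed inputs modelled on the files quoted in this thread; the
# system-auth body and the passwd/shells contents are assumptions.
PAM = {
    "sshd": "auth include system-remote-login\n",
    "system-remote-login": "auth include system-login\n",
    "system-login": ("auth required pam_tally.so onerr=succeed file=/var/log/faillog\n"
                     "auth required pam_shells.so\n"
                     "auth requisite pam_nologin.so\n"
                     "auth include system-auth\n"),
    "system-auth": "auth required pam_unix.so\n",
}
PASSWD = ("root:x:0:0::/root:/bin/bash\n"
          "guest:x:1001:1001::/srv/sftp/guest:/usr/bin/nologin\n")
SHELLS = "# Pathnames of valid login shells.\n/bin/sh\n/bin/bash\n"

# type, control (simple keyword or [bracketed] form), module or included file
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_modules(service, files, seen=None):
    """Flatten the auth stack of a PAM service, following include/substack."""
    seen = set() if seen is None else seen
    if service in seen or service not in files:   # guard against include loops
        return []
    seen.add(service)
    modules = []
    for line in files[service].splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())
        if not m or m.group(1) != "auth":
            continue
        if m.group(2) in ("include", "substack"):
            modules += auth_modules(m.group(3), files, seen)
        else:
            modules.append(m.group(3))
    return modules

def rejected_by_pam_shells(passwd_text, shells_text):
    """Return (user, shell) pairs whose login shell is not listed in shells_text."""
    listed = {s.strip() for s in shells_text.splitlines()
              if s.strip() and not s.lstrip().startswith("#")}
    rejected = []
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) == 7 and fields[6] and fields[6] not in listed:
            rejected.append((fields[0], fields[6]))   # empty shell fields are skipped
    return rejected

if __name__ == "__main__":
    print(auth_modules("sshd", PAM))
    print(rejected_by_pam_shells(PASSWD, SHELLS))
```

On a live system the same functions can be fed the contents of /etc/pam.d/*, /etc/passwd and /etc/shells instead of the constructed strings.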