sftp chroot creates own redundant directory in /chroot
Posted: Sun Mar 03, 2019 9:28 pm
Hi
I just noticed that it seems like the sftp chroot plugin creates a new redundant directory in "/chroot".
This directory I can also find in the config file "/etc/ssh/sshd_config".
So for every VestaCP user I have several directories inside the chroot directory like this scheme "/chroot/*user*_*suffixForDomainOrSubdomainName*".
I have no clue what keeps the directory partly in sync with the home directory, and especially I'm wondering why it's not just the home directory which is configured in "/etc/ssh/sshd_config".
Unfortunately I can't find any proper documentation or further information about the sftp plugin. The only hint that the path of chroot is correct is this "ontop-plugin" which depends on the VestaCP sftp chroot plugin:
https://github.com/Skamasle/vestacp-jailkit-chroot
Here I was able to find the same path "/chroot/%u":
https://github.com/serghey-rodin/vesta/ ... -sftp-jail
Also here the config of the user shows the same path:
https://github.com/serghey-rodin/vesta/issues/655
Does anybody have an idea about that? It's a massive storage overhead caused by redundancy between "/home/*" and "/chroot/*" I'd like to avoid!
Is there any downside by using the native /home path for the sftp chroot procedure?
Looking forward to finding out more information about how the VestaCP sftp chroot plugin works ;).
Thanks in advance and cheers!
Code:
#Subsystem sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Subsystem sftp internal-sftp
Match Group sftp-only
ChrootDirectory /chroot/%u
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
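On the question of pointing ChrootDirectory at the home directory: sshd_config(5) requires every component of the chroot path to be a root-owned directory that is not writable by group or others. The following is an added example, not part of the original post or of VestaCP, that applies that rule to each path component; the user "alice", uid 1001 and the sample layout are constructed.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat_result so the rule can be shown without root.
FakeStat = namedtuple("FakeStat", "st_uid st_mode")

def expand(template, user, home):
    """Expand the %u, %h and %% tokens sshd accepts in ChrootDirectory."""
    return (template.replace("%%", "\0").replace("%u", user)
            .replace("%h", home).replace("\0", "%"))

def components(path):
    """Yield '/', '/chroot', '/chroot/alice', ... for an absolute path."""
    current = "/"
    yield current
    for part in path.strip("/").split("/"):
        if part:
            current = os.path.join(current, part)
            yield current

def audit_chroot(path, stat_fn=os.stat):
    """Return [(component, reason)] for every component sshd would reject."""
    problems = []
    for comp in components(path):
        st = stat_fn(comp)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((comp, "not a directory"))
        elif st.st_uid != 0:
            problems.append((comp, "not owned by root"))
        elif st.st_mode & 0o022:
            problems.append((comp, "group- or world-writable"))
    return problems

# Constructed layout: a root-owned /chroot tree and a user-owned home directory.
SAMPLE = {
    "/": FakeStat(0, stat.S_IFDIR | 0o755),
    "/chroot": FakeStat(0, stat.S_IFDIR | 0o755),
    "/chroot/alice": FakeStat(0, stat.S_IFDIR | 0o755),
    "/home": FakeStat(0, stat.S_IFDIR | 0o755),
    "/home/alice": FakeStat(1001, stat.S_IFDIR | 0o750),
}

if __name__ == "__main__":
    for template in ("/chroot/%u", "%h"):
        target = expand(template, "alice", "/home/alice")
        print(target, audit_chroot(target, SAMPLE.__getitem__) or "OK")
```

On a real server, call `audit_chroot(path)` without the second argument so it uses `os.stat` on the live filesystem.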