We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
sftp chroot creates own redundant directory in /chroot
sftp chroot creates own redundant directory in /chroot
Hi
i just noticed that it seems like the sftp chroot plugin creates a new redundant directory in "/chroot".
This directory I can also find in the config file "/etc/ssh/sshd_config"
So for every VestaCP user I have several directories inside the chroot directory like this scheme "/chroot/*user*_*suffixForDomainOrSubdomainName*.
I have no clou what keeps the directory partly sync to the home directory and especially im wondering why it's not just the home directory which is configured in "/etc/ssh/sshd_config".
Unfortunately I can't find any proper documentation or further information about the sftp plugin. The only hint that the path of chroot is correct is this "ontop-plugin" which depends on the VestaCP sftp chroot plugin:
https://github.com/Skamasle/vestacp-jailkit-chroot
Here I was able to find the same path "/chroot/%u":
https://github.com/serghey-rodin/vesta/ ... -sftp-jail
Also here the config of the user shows the same path:
https://github.com/serghey-rodin/vesta/issues/655
Does anybody have an idea about that? It's a massive storage overhead caused by redundancy between "/home/*" and "/chroot/*" I'd like to avoid!
Is there any downside by using the native /home path for the sftp chroot procedure?
Looking forward to find out more information about how VestaCP fsftp chroot plugin works ;).
Thanks in advance and cheers!
i just noticed that it seems like the sftp chroot plugin creates a new redundant directory in "/chroot".
This directory I can also find in the config file "/etc/ssh/sshd_config"
Code: Select all
#Subsystem sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
Subsystem sftp internal-sftp
Match Group sftp-only
ChrootDirectory /chroot/%u
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
I have no clou what keeps the directory partly sync to the home directory and especially im wondering why it's not just the home directory which is configured in "/etc/ssh/sshd_config".
Unfortunately I can't find any proper documentation or further information about the sftp plugin. The only hint that the path of chroot is correct is this "ontop-plugin" which depends on the VestaCP sftp chroot plugin:
https://github.com/Skamasle/vestacp-jailkit-chroot
Here I was able to find the same path "/chroot/%u":
https://github.com/serghey-rodin/vesta/ ... -sftp-jail
Also here the config of the user shows the same path:
https://github.com/serghey-rodin/vesta/issues/655
Does anybody have an idea about that? It's a massive storage overhead caused by redundancy between "/home/*" and "/chroot/*" I'd like to avoid!
Is there any downside by using the native /home path for the sftp chroot procedure?
Looking forward to find out more information about how VestaCP fsftp chroot plugin works ;).
Thanks in advance and cheers!