Implementing chroot directory for sftp users

Question

I am running OpenSSH64 on a Windows 2012 environment. OpenSSH64 is running and I can access the server. I have modified the sshd_config file with no success.

I have made the following changes:

Subsystem sftp C:\OpenSSH-Win64\sftp-server.exe 

Match User sftponly-user 
X11Forwarding no 
AllowTcpForwarding no 
ForceCommand internal-sftp 
ChrootDirectory %h

I have also tried

ChrootDirectory C:\User_Specific_Directory\

We are trying to generate logs to verify that the changes we make in the sshd_config file are being applied. However, we receive the following error in the log:

3784 11:00:17 087 error: accept: The operation completed successfully.

Does anyone have a working example of chrooting a user to a specific directory?

Possible duplicate of openSSH connection reset by peer -- something similar will work on windows too — Jakuje, May 31 '16 at 19:52

score 0 · Answer 1 · answered Jan 31 '18 at 16:38

0

This feature has not been implemented in OpenSSH for Windows (basically because it's hard): https://github.com/PowerShell/Win32-OpenSSH/issues/190

answered Jan 31 '18 at 16:38

EM0

1,842

2

FYI, support was added in v7.7.0.0 (https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_server_configuration#chrootdirectory-support-added-in-v7700) – bfhd Aug 21 '19 at 22:19

score 0 · Answer 2 · answered May 18 '21 at 17:34

Default OpenSSH config file location: C:\ProgramData\ssh

File name: ssh_config

Match User <windows_login_user_name>
    ChrootDirectory C:\0-Websites\myapp.com
    X11Forwarding no
    PermitTTY no
    AllowTcpForwarding no
    ForceCommand sftp-server.exe

NOTE: All user name should be lower case.

Implementing chroot directory for sftp users

2 Answers2