
In this comprehensive guide, we will walk you through the process of fixing the SFTP Chroot error: Broken Pipe in Ubuntu 20.04. This error typically occurs when you are trying to establish SFTP-only users jailed to their home directory.
To fix the SFTP Chroot error: Broken Pipe in Ubuntu 20.04, you need to modify the sshd_config file, set ownership and permissions for the /home/sftp directory, and create users with the correct settings. These steps will help you establish SFTP-only users jailed to their home directory and resolve the broken pipe error.
Understanding the Error
The “Broken Pipe” error in SFTP Chroot generally happens when there’s a problem with the connection between the client and the server. It’s a common issue when trying to set up SFTP-only users with restricted access to their home directory.
Prerequisites
Before we start, ensure that you have:
- A server running Ubuntu 20.04.
- Sudo or root privileges to modify system files and settings.
Step 1: Update sshd_config file
First, we need to modify the sshd_config file, which is the main configuration file for the SSH server. Open the file using a text editor of your choice. Here, we’ll use nano.
sudo nano /etc/ssh/sshd_config
Add the following lines to the end of the file:
Subsystem sftp internal-sftp
Match Group sftponly
    ForceCommand internal-sftp -d /%u
    PasswordAuthentication yes
    ChrootDirectory /home/sftp/%u
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
Here’s what each line does:
- Subsystem sftp internal-sftp: This line sets the SFTP server to use the internal-sftp subsystem, which is necessary for the chroot environment.
- Match Group sftponly: This line matches any user in the ‘sftponly’ group.
- ForceCommand internal-sftp -d /%u: This line forces the connection to use the SFTP protocol and sets the default directory to the user’s home directory.
- PasswordAuthentication yes: This line allows users to authenticate using their passwords.
- ChrootDirectory /home/sftp/%u: This line sets the chroot directory to the user’s home directory within the /home/sftp directory.
- PermitTunnel no, AllowAgentForwarding no, AllowTcpForwarding no, X11Forwarding no: These lines disable various types of forwarding, increasing the security of the connection.
After adding these lines, save and close the file.
Step 2: Set Ownership and Permissions for /home/sftp
Next, we need to set the correct ownership and permissions for the /home/sftp directory. This is necessary to ensure the security and isolation of each user’s files. Run the following commands:
sudo chown root:root /home/sftp
sudo chmod 0711 /home/sftp
Here, chown root:root /home/sftp changes the ownership of the directory to the root user and group, while chmod 0711 /home/sftp sets the permissions so that only the owner (root) can write to the directory, but others can enter and access their own directories within it.
Step 3: Create Users with Correct Settings
Now, we can create users with the correct settings. For this example, we’ll create a user named ‘batman’. Run the following commands:
sudo adduser --quiet --disabled-password --shell /bin/false --no-create-home --gecos "User" batman
echo "batman:batman123" | sudo chpasswd
sudo usermod -a -G sftponly batman
sudo install -d -m 0755 /home/sftp/batman -o batman -g sftponly
These commands do the following:
- adduser --quiet --disabled-password --shell /bin/false --no-create-home --gecos "User" batman: This command creates a new user named ‘batman’ with a disabled password, no shell, and no home directory.
- echo "batman:batman123" | sudo chpasswd: This command sets the password for ‘batman’ to ‘batman123’.
- usermod -a -G sftponly batman: This command adds ‘batman’ to the ‘sftponly’ group.
- install -d -m 0755 /home/sftp/batman -o batman -g sftponly: This command creates the home directory for ‘batman’ in /home/sftp/batman with the correct ownership and permissions.
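At session start, sshd checks that every component of the ChrootDirectory path is a root-owned directory with no group or other write bit, and it aborts the session if any component fails. The script below is an added example, not part of the original guide, that applies the same rule to a path so the result of Steps 2 and 3 can be audited; the function names are this example's own, and it assumes GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's startup check.
# Function names are this example's own; requires GNU stat (Ubuntu default).

# Expand the %u token of a ChrootDirectory template for one user.
# (Only %u is handled; other sshd_config tokens are out of scope here.)
expand_chroot() {
    printf '%s\n' "$1" | sed "s/%u/$2/g"
}

# Succeed only if a component with owner uid $1 and octal mode $2 is
# owned by root and carries no group or other write bit (mask 022).
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from the given directory up to /, printing each failing component.
# Exit status: 0 = all components pass, 1 = at least one fails,
# 2 = path is not absolute, or a component is missing / not a directory.
check_chroot_path() (
    case $1 in /*) ;; *) echo "absolute path required" >&2; exit 2 ;; esac
    cur=$1
    rc=0
    while :; do
        [ -d "$cur" ] || { echo "MISSING $cur" >&2; exit 2; }
        meta=$(stat -c '%u %a' "$cur") || exit 2
        uid=${meta% *}
        mode=${meta#* }
        if ! component_ok "$uid" "$mode"; then
            echo "FAIL $cur (uid=$uid mode=$mode)"
            rc=1
        fi
        if [ "$cur" = / ]; then break; fi
        cur=$(dirname "$cur")
    done
    exit "$rc"
)

# Usage: sh check_chroot.sh /home/sftp/%u batman
if [ $# -eq 2 ]; then
    check_chroot_path "$(expand_chroot "$1" "$2")"
fi
```

Any FAIL line names a component that sshd will reject until it is owned by root and has no group or other write bit.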
Final Thoughts
With these changes, users will only have access to their own directory (/home/sftp/batman), and upon login, they will appear to be within / (which is actually /home/sftp/batman). They will not be able to navigate to /home/sftp and see a list of other users.
Remember, if you encounter an error when changing the directory ownership, make sure to use the correct group name (sftponly) when setting the ownership.
By following these steps, you should be able to fix the SFTP Chroot error: Broken Pipe in Ubuntu 20.04. If you have any questions or run into any issues, feel free to ask in the comments section below.
SFTP Chroot is a method of restricting SFTP users to their home directory, providing a more secure environment by isolating their access to the server.
The "Broken Pipe" error usually occurs when there is a problem with the connection between the SFTP client and the server. It can be caused by network issues, server configuration problems, or incorrect permissions on directories.
Yes, you can use any text editor you prefer to modify the sshd_config file. Simply replace "nano" with the name of your desired text editor in the command provided.
The permissions "0711" mean that the owner (root) has read, write, and execute permissions, while others can only execute (enter) the directory. This ensures that only the owner can modify the directory contents, while others can access their own subdirectories within it.
To create additional SFTP-only users, follow the example provided in Step 3, replacing ‘batman’ with the desired username. Make sure to adjust the commands accordingly to set the correct ownership and permissions for the new user’s home directory.