In this comprehensive guide, we will walk you through the process of fixing the SFTP Chroot error: Broken Pipe in Ubuntu 20.04. This error typically occurs when you are trying to establish SFTP-only users jailed to their home directory.
To fix the SFTP Chroot error: Broken Pipe in Ubuntu 20.04, you need to modify the sshd_config file, set ownership and permissions for the /home/sftp directory, and create users with the correct settings. These steps will help you establish SFTP-only users jailed to their home directory and resolve the broken pipe error.
Understanding the Error
The “Broken Pipe” error in SFTP Chroot generally happens when there’s a problem with the connection between the client and the server. It’s a common issue when trying to set up SFTP-only users with restricted access to their home directory.
Before we start, ensure that you have:
- A server running Ubuntu 20.04.
- Sudo or root privileges to modify system files and settings.
Step 1: Update sshd_config file
First, we need to modify the sshd_config file, which is the main configuration file for the SSH server. Open the file using a text editor of your choice. Here, we’ll use nano:
sudo nano /etc/ssh/sshd_config
Add the following lines to the end of the file:
Subsystem sftp internal-sftp
Match Group sftponly
    ForceCommand internal-sftp -d /%u
    PasswordAuthentication yes
    ChrootDirectory /home/sftp/%u
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
Here’s what each line does:
- Subsystem sftp internal-sftp: This line sets the SFTP server to use the internal-sftp subsystem, which is necessary for the chroot environment.
- Match Group sftponly: This line matches any user in the ‘sftponly’ group.
- ForceCommand internal-sftp -d /%u: This line forces the connection to use the SFTP protocol and sets the default directory to the user’s home directory.
- PasswordAuthentication yes: This line allows users to authenticate using their passwords.
- ChrootDirectory /home/sftp/%u: This line sets the chroot directory to the user’s home directory within the /home/sftp directory.
- PermitTunnel no, AllowAgentForwarding no, AllowTcpForwarding no, X11Forwarding no: These lines disable various types of forwarding, increasing the security of the connection.
After adding these lines, save and close the file.
Step 2: Set Ownership and Permissions for /home/sftp
Next, we need to set the correct ownership and permissions for the /home/sftp directory. This is necessary to ensure the security and isolation of each user’s files. Run the following commands:
sudo chown root:root /home/sftp
sudo chmod 0711 /home/sftp
chown root:root /home/sftp changes the ownership of the directory to the root user and group, while chmod 0711 /home/sftp sets the permissions so that only the owner (root) can write to the directory, but others can enter and access their own directories within it.
Step 3: Create Users with Correct Settings
Now, we can create users with the correct settings. For this example, we’ll create a user named ‘batman’. Run the following commands:
sudo adduser --quiet --disabled-password --shell /bin/false --no-create-home --gecos "User" batman
echo "batman:batman123" | sudo chpasswd
sudo usermod -a -G sftponly batman
sudo install -d -m 0755 /home/sftp/batman -o batman -g sftponly
These commands do the following:
- adduser --quiet --disabled-password --shell /bin/false --no-create-home --gecos "User" batman: This command creates a new user named ‘batman’ with a disabled password, no shell, and no home directory.
- echo "batman:batman123" | sudo chpasswd: This command sets the password for ‘batman’ to ‘batman123’.
- usermod -a -G sftponly batman: This command adds ‘batman’ to the ‘sftponly’ group.
- install -d -m 0755 /home/sftp/batman -o batman -g sftponly: This command creates the home directory for ‘batman’ in /home/sftp/batman with the correct ownership and permissions.
With these changes, users will only have access to their own directory (/home/sftp/batman), and upon login, they will appear to be within / (which is actually /home/sftp/batman). They will not be able to navigate to /home/sftp and see a list of other users.
Remember, if you encounter an error when changing the directory ownership, make sure to use the correct group name (sftponly) when setting the ownership.
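sshd refuses a chroot unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, and it drops the session when that test fails, which the client can report as a broken pipe. The script below is an added example (not part of the original guide) that applies the same test to a path; the function names and the optional UID argument are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original guide. Mirrors the test sshd applies to
# ChrootDirectory: "/" and every path component down to the target must be a
# directory owned by uid 0 and not writable by group or others.
# The optional UID argument is an assumption of this example so the check can
# be tried on scratch directories without root; sshd itself accepts only 0.

# dir_ok DIR [UID]: test a single directory.
dir_ok() (
    dir=$1 want_uid=${2:-0}
    # -d: DIR itself, -L: follow a symlinked component, -n: numeric owner ids
    line=$(ls -ldLn -- "$dir" 2>/dev/null) || { echo "$dir: cannot stat" >&2; exit 1; }
    set -f; set -- $line            # $1 = mode string, $3 = owner uid
    mode=$1 uid=$3
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid" >&2; exit 1
    fi
    case $mode in
        d????-??-*) exit 0 ;;       # directory, group and other write bits clear
        d*) echo "$dir: group- or world-writable ($mode)" >&2; exit 1 ;;
        *)  echo "$dir: not a directory ($mode)" >&2; exit 1 ;;
    esac
)

# check_chroot_path DIR [UID]: walk from / to DIR, stop at the first failure.
check_chroot_path() (
    target=$1 want_uid=${2:-0}
    case $target in
        /*) ;;
        *)  echo "need an absolute path" >&2; exit 2 ;;
    esac
    set -f; IFS=/; set -- $target; IFS=' '   # split the path on "/"
    dir_ok / "$want_uid" || exit 1
    path=
    for part in "$@"; do
        [ -n "$part" ] || continue
        path=$path/$part
        dir_ok "$path" "$want_uid" || exit 1
    done
    exit 0
)

# Usage: sh check_chroot.sh /home/sftp/batman
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

With ChrootDirectory /home/sftp/%u, the path sshd tests for batman is /home/sftp/batman including the last component, so a /home/sftp/batman owned by the user rather than root is reported by this check.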
By following these steps, you should be able to fix the SFTP Chroot error: Broken Pipe in Ubuntu 20.04. If you have any questions or run into any issues, feel free to ask in the comments section below.
SFTP Chroot is a method of restricting SFTP users to their home directory, providing a more secure environment by isolating their access to the server.
The "Broken Pipe" error usually occurs when there is a problem with the connection between the SFTP client and the server. It can be caused by network issues, server configuration problems, or incorrect permissions on directories.
Yes, you can use any text editor you prefer to modify the sshd_config file. Simply replace "nano" with the name of your desired text editor in the command provided.
The permissions "0711" mean that the owner (root) has read, write, and execute permissions, while others can only execute (enter) the directory. This ensures that only the owner can modify the directory contents, while others can access their own subdirectories within it.
To create additional SFTP-only users, follow the example provided in Step 3, replacing ‘batman’ with the desired username. Make sure to adjust the commands accordingly to set the correct ownership and permissions for the new user’s home directory.