Celeb Glow
updates | March 05, 2026

SFTP ChRoot result in broken pipe

I have a website that I want to add some restricted access to a sub-folder. For this, I've decided to use CHROOT with SFTP (I mostly followed this link : )

For now, I've created a user (sio2104) and a group (magento). After following the guide, my folder list looks like this:

-rw-r--r-- 1 root root 27 2012-02-01 14:23 index.html
-rw-r--r-- 1 root root 21 2012-02-01 14:24 info.php
drwx------ 15 root root 4096 2012-02-25 00:31 magento

As you can see, I've chown root:root the folder magento I wanted to jail-in the user and... everything else by the way. Also in the magento folder, I chown sio2104:magento everything so they can access what they want. Finally, I've added this to the sshd_config file:

#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group magento
    ChrootDirectory /usr/share/nginx/www/magento
    ForceCommand internal-sftp
    AllowTCPForwarding no
    X11Forwarding no
    PasswordAuthentication yes
#UsePAM yes

And the result is...well, I can enter my login, password and it's all finished with a "broken pipe" error.

$ sftp sio2104@10.20.0.50
[....some debug....]
sio2104@10.20.0.50's password:
debug1: Authentication succeeded (password).
Authenticated to 10.20.0.50 ([10.20.0.50]:22).
debug1: channel 0: new [client-session]
debug1: Requesting
debug1: Entering interactive session.
Write failed: Broken pipe
Connection closed

Verbose mode gives nothing to help. Does anyone have an idea of what I've done wrong? If I try to log in with ssh or sftp with my personal user, everything works fine.

3

3 Answers

I had the same problem.

The chroot-dir must be set to owner root and group root. (chown root:root chroot-dir)

2

Try having your default directory different to chroot directory.

I have set /home/ftpman as my default directory.

vi /etc/passwd
..
ftpman:x:1001:1002::/home/ftpman:/bin/bash

and

ls -la /home
...
drwxr-xr-x 5 ftpman sftponly 4096 Jun 25 11:56 ftpman

Then I have chroot directory set to /. And it works for me.

vi /etc/ssh/sshd_config
...
Match Group sftponly
    X11Forwarding no
    AllowTcpForwarding no
    ChrootDirectory /
    ForceCommand internal-sftp

2

I'm not 100% sure on this, but as far as I understand the chroot process, SSHd will fork as your user first, then try to chroot. This will obviously fail as the directory can't be accessed being sio2104 on the system.

Try loosening up the filesystem permission on the magento folder (chmod o+rx).
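
The ownership rule from the first answer and the access point from the last answer can be checked in one pass. The script below is an added example, not part of the original thread: it applies the sshd_config(5) rule that every component of the ChrootDirectory path must be a root-owned directory not writable by group or other, then checks that the login user has r-x on the chroot root. The stat table, uid 1001 and gid 1002 are constructed sample values; on a real host, call `audit_chroot` without `stat_fn` to read the filesystem.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def audit_chroot(chroot_dir, login_uid, login_gids, stat_fn=os.stat):
    """Return the problems that would break an sshd ChrootDirectory login."""
    target = PurePosixPath(chroot_dir)
    if not target.is_absolute():
        raise ValueError("ChrootDirectory must be an absolute path")
    problems = []
    # sshd_config(5): every component, from / down to the chroot directory,
    # must be a root-owned directory not writable by group or other.
    for comp in [*list(target.parents)[::-1], target]:
        st = stat_fn(str(comp))
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{comp}: writable by group or other")
    # The last answer's suggestion (chmod o+rx): the SFTP session runs as the
    # login user, who needs r-x on the new root to list and enter it.
    st = stat_fn(str(target))
    shift = 6 if st.st_uid == login_uid else 3 if st.st_gid in login_gids else 0
    if ((st.st_mode >> shift) & 0o5) != 0o5:
        problems.append(f"{target}: uid {login_uid} lacks r-x on the chroot root")
    return problems


# Constructed sample modelled on the question: parents root:root 0755,
# magento root:root with a configurable mode. The uid/gid numbers are made up.
def sample_stat(magento_mode=0o700, magento_uid=0):
    root_dir = SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=0, st_gid=0)
    table = {p: root_dir for p in
             ("/", "/usr", "/usr/share", "/usr/share/nginx", "/usr/share/nginx/www")}
    table["/usr/share/nginx/www/magento"] = SimpleNamespace(
        st_mode=stat.S_IFDIR | magento_mode, st_uid=magento_uid, st_gid=0)
    return table.__getitem__


if __name__ == "__main__":
    path = "/usr/share/nginx/www/magento"
    for mode in (0o700, 0o755):
        print(oct(mode), audit_chroot(path, 1001, [1002], sample_stat(mode)))
```

The check reads classic mode bits only, so ACLs and mount options are not taken into account.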
