Linode Forum
Linode Community Forums
PostPosted: Wed Mar 16, 2011 3:21 pm 
Offline
Senior Newbie

Joined: Sat Feb 05, 2011 2:08 am
Posts: 16
Hello. I recently followed this guide: http://library.linode.com/security/sftp-jails/ in order to prevent some FTP users from seeing directories above their default homes in the hierarchy.

I followed all of the steps involved, but I am now getting:

"Error: Network error: Software caused connection abort
Error: Could not connect to server"

This occurs upon trying to connect with SFTP using FileZilla.

What are some steps to fix this issue and is there something I might have missed in the setup process?

I am using Ubuntu 10.10 Maverick.

Thank you!


PostPosted: Wed Mar 16, 2011 4:08 pm 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
At a guess I'd say you missed this part
Code:
usermod -G filetransfer username
chown root:root /home/username
chmod 755 /home/username


It's what most people miss.

If you set the log level to DEBUG in /etc/ssh/sshd_config and restart ssh then try connecting again, check /var/log/auth.log for debugging info which may give more information.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue


PostPosted: Wed Mar 16, 2011 4:31 pm 
Offline
Senior Newbie

Joined: Sat Feb 05, 2011 2:08 am
Posts: 16
I did that, actually.

Anyway, here is what I just did:

Code:
root@snarf:~# usermod -G filetransfer nginxftp
root@snarf:~# chown root:root /home/nginxftp
root@snarf:~# chmod 755 /home/nginxftp
root@snarf:~# nano /etc/ssh/sshd_config
root@snarf:~# /etc/ssh/sshd_config restart
-bash: /etc/ssh/sshd_config: Permission denied
root@snarf:~# sudo /etc/ssh/sshd_config restart
sudo: /etc/ssh/sshd_config: command not found
root@snarf:~# /etc/ssh/sshd_config stop
-bash: /etc/ssh/sshd_config: Permission denied
root@snarf:~# chown root:root /etc/ssh/sshd_config
root@snarf:~# /etc/ssh/sshd_config restart
-bash: /etc/ssh/sshd_config: Permission denied
root@snarf:~# chmod 755 /etc/ssh/sshd_config
root@snarf:~# /etc/ssh/sshd_config restart
/etc/ssh/sshd_config: line 5: Port: command not found
/etc/ssh/sshd_config: line 9: Protocol: command not found
/etc/ssh/sshd_config: line 11: HostKey: command not found
/etc/ssh/sshd_config: line 12: HostKey: command not found
/etc/ssh/sshd_config: line 14: UsePrivilegeSeparation: command not found
/etc/ssh/sshd_config: line 17: KeyRegenerationInterval: command not found
/etc/ssh/sshd_config: line 18: ServerKeyBits: command not found
/etc/ssh/sshd_config: line 21: SyslogFacility: command not found
/etc/ssh/sshd_config: line 22: LogLevel: command not found
/etc/ssh/sshd_config: line 26: LoginGraceTime: command not found
/etc/ssh/sshd_config: line 27: PermitRootLogin: command not found
/etc/ssh/sshd_config: line 28: StrictModes: command not found
/etc/ssh/sshd_config: line 30: RSAAuthentication: command not found
/etc/ssh/sshd_config: line 31: PubkeyAuthentication: command not found
/etc/ssh/sshd_config: line 35: IgnoreRhosts: command not found
/etc/ssh/sshd_config: line 37: RhostsRSAAuthentication: command not found
/etc/ssh/sshd_config: line 39: HostbasedAuthentication: command not found
/etc/ssh/sshd_config: line 44: PermitEmptyPasswords: command not found
/etc/ssh/sshd_config: line 48: ChallengeResponseAuthentication: command not found
/etc/ssh/sshd_config: line 63: X11Forwarding: command not found
/etc/ssh/sshd_config: line 64: X11DisplayOffset: command not found
/etc/ssh/sshd_config: line 65: PrintMotd: command not found
/etc/ssh/sshd_config: line 66: PrintLastLog: command not found
/etc/ssh/sshd_config: line 67: TCPKeepAlive: command not found
/etc/ssh/sshd_config: line 74: AcceptEnv: command not found
/etc/ssh/sshd_config: line 76: Subsystem: command not found
/etc/ssh/sshd_config: line 87: UsePAM: command not found
/etc/ssh/sshd_config: line 89: Match: command not found
/etc/ssh/sshd_config: line 90: ChrootDirectory: command not found
/etc/ssh/sshd_config: line 91: X11Forwarding: command not found
/etc/ssh/sshd_config: line 92: AllowTcpForwarding: command not found
/etc/ssh/sshd_config: line 93: ForceCommand: command not found


Looks bad to me! XD

Anyway, in the log you just provided, this is what just occurred:

Code:
Mar 16 16:30:47 snarf sshd[18636]: pam_unix(sshd:session): session opened for user <USERHERE> by (uid=0)
Mar 16 16:30:47 snarf sshd[18649]: fatal: bad ownership or modes for chroot directory component "/home/"
Mar 16 16:30:47 snarf sshd[18636]: pam_unix(sshd:session): session closed for user <USERHERE>


PostPosted: Wed Mar 16, 2011 4:39 pm 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
You restart ssh by using
Code:
service ssh restart

You also shouldn't have changed permissions on /etc/ssh/sshd_config so run
Code:
chmod 0644 /etc/ssh/sshd_config

PostPosted: Wed Mar 16, 2011 4:50 pm 
Offline
Senior Newbie

Joined: Sat Feb 05, 2011 2:08 am
Posts: 16
Oh, alright, thanks!

Okay so still an issue. Same debug message:

Code:
Mar 16 16:44:51 snarf sshd[18703]: debug1: Forked child 18718.
Mar 16 16:44:51 snarf sshd[18718]: Set /proc/self/oom_adj to 0
Mar 16 16:44:51 snarf sshd[18718]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Mar 16 16:44:51 snarf sshd[18718]: debug1: inetd sockets after dupping: 3, 3
Mar 16 16:44:51 snarf sshd[18718]: Connection from 98.217.6.30 port 53392
Mar 16 16:44:51 snarf sshd[18718]: debug1: Client protocol version 2.0; client software version PuTTY_Local:_Nov_21_2010_15:53:55
Mar 16 16:44:51 snarf sshd[18718]: debug1: no match: PuTTY_Local:_Nov_21_2010_15:53:55
Mar 16 16:44:51 snarf sshd[18718]: debug1: Enabling compatibility mode for protocol 2.0
Mar 16 16:44:51 snarf sshd[18718]: debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-4ubuntu5
Mar 16 16:44:51 snarf sshd[18718]: debug1: user <USERHERE> matched group list filetransfer at line 89
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: initializing for "<USERHERE>"
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: setting PAM_RHOST to "<HOSTNAME HERE>"
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: setting PAM_TTY to "ssh"
Mar 16 16:44:51 snarf sshd[18718]: Failed none for <USERHERE> from 98.217.6.30 port 53392 ssh2
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: password authentication accepted for <USERHERE>
Mar 16 16:44:51 snarf sshd[18718]: debug1: do_pam_account: called
Mar 16 16:44:51 snarf sshd[18718]: Accepted password for <USERHERE> from 98.217.6.30 port 53392 ssh2
Mar 16 16:44:51 snarf sshd[18718]: debug1: monitor_child_preauth: <USERHERE> has been authenticated by privileged process
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: establishing credentials
Mar 16 16:44:51 snarf sshd[18718]: pam_unix(sshd:session): session opened for user <USERHERE> by (uid=0)
Mar 16 16:44:51 snarf sshd[18718]: User child is on pid 18730
Mar 16 16:44:51 snarf sshd[18730]: debug1: SELinux support disabled
Mar 16 16:44:51 snarf sshd[18730]: debug1: PAM: establishing credentials
Mar 16 16:44:51 snarf sshd[18730]: fatal: bad ownership or modes for chroot directory component "/home/"
Mar 16 16:44:51 snarf sshd[18730]: debug1: do_cleanup
Mar 16 16:44:51 snarf sshd[18718]: debug1: do_cleanup
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: cleanup
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: closing session
Mar 16 16:44:51 snarf sshd[18718]: pam_unix(sshd:session): session closed for user <USERHERE>
Mar 16 16:44:51 snarf sshd[18718]: debug1: PAM: deleting credentials


PostPosted: Wed Mar 16, 2011 5:38 pm 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
Sounds like this bit is wrong

Code:
Match group filetransfer
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp


Either that or your user's home directory is set to /home/ instead of /home/<username>

What's the content of your /etc/ssh/sshd_config file?

PostPosted: Wed Mar 16, 2011 5:47 pm 
Offline
Senior Newbie

Joined: Sat Feb 05, 2011 2:08 am
Posts: 16
I had

Code:
Match group filetransfer 
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp


or something like that.

I changed it back to what you have, but still no changes. Still same debug error.

I also just re-set the home directory and no changes were made.


PostPosted: Wed Mar 16, 2011 7:09 pm 
Offline
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
Did you run
Code:
service ssh restart
after changing sshd_config?

What does
Code:
ls -lhd /home
output?

PostPosted: Wed Mar 16, 2011 7:14 pm 
Offline
Senior Newbie

Joined: Sat Feb 05, 2011 2:08 am
Posts: 16
Yes.

And:
Code:
drwxrwxrwx 6 root root 4.0K Mar 10 15:43 /home


PostPosted: Wed Mar 16, 2011 8:03 pm 
Offline
Senior Member

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
!!!!

Try "chmod 755 /home" ... you've got it set world-writable, which will (correctly) freak sshd out.

_________________
Code:
/* TODO: need to add signature to posts */
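
Added example (not part of any post in this thread or of the Linode guide): sshd requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or others, which is what the "bad ownership or modes for chroot directory component" message reports. The script below walks a path and prints the first component that fails that rule; it assumes GNU stat, and the function names and the optional UID and BASE arguments are hypothetical, added so the check can also be run against a staged tree.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory path.
# Assumes GNU stat; function names and the UID/BASE arguments are hypothetical.

# component_ok DIR [UID]
# Succeeds only if DIR is a directory owned by UID (default 0, root)
# and is not writable by group or others.
component_ok() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    owner=$(stat -L -c %u "$dir") || return 1   # numeric owner
    mode=$(stat -L -c %a "$dir") || return 1    # octal mode, e.g. 755
    [ "$owner" = "$want_uid" ] || return 1
    # 022 = group-write | other-write; the leading 0 makes the mode octal
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# first_bad_component PATH [UID] [BASE]
# Walks PATH from the top down and prints the first component that
# fails component_ok. Returns 0 if every component passes.
# BASE (default empty, meaning the real /) lets you audit a staged tree.
first_bad_component() {
    path=$1
    uid=${2:-0}
    cur=${3:-}
    case $path in
        /*) ;;
        *) echo "path must be absolute: $path" >&2; return 2 ;;
    esac
    component_ok "${cur:-/}" "$uid" || { echo "${cur:-/}"; return 1; }
    rest=${path#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        component_ok "$cur" "$uid" || { echo "$cur"; return 1; }
    done
    return 0
}

# Usage: sh check-chroot.sh /home/nginxftp
if [ $# -gt 0 ]; then
    first_bad_component "$@"
fi
```

Run it as root against the directory that ChrootDirectory expands to (with `%h`, the user's home directory) before restarting ssh.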


PostPosted: Wed Mar 16, 2011 9:02 pm 
Offline
Senior Newbie

Joined: Sat Feb 05, 2011 2:08 am
Posts: 16
That fixed it :)

Thank you very much!!

