Written by James McDonald

July 25, 2022

I am currently working on integrating a client's internal system with MessageXchange via an SFTP gateway for EDI with Coles, Woolworth and Metcash (when MessageXchange / Colladium completes their accreditation).

So for testing I wanted to emulate their SFTP endpoint. So I followed the very useful steps here:

https://www.thegeekstuff.com/2012/03/chroot-sftp-setup/

My Steps on Ubuntu 22.04

Create a root folder for all chroot’d SFTP dirs

mkdir /sftp

Create an SFTP “home” directory for a specific user, plus IN and OUT dirs to mimic the MessageXchange folder structure, and set permissions to allow the user to read and write to those directories

mkdir -p /sftp/sftptest/{IN,OUT}
# hand IN and OUT to the SFTP user (assumes the sftptest user and group already exist)
chown -Rv sftptest:sftptest /sftp/sftptest/*
# make sure the SFTP "home" directory is owned by root or you get the Broken pipe error below
chown root:root /sftp/sftptest

Add some configuration to /etc/ssh/sshd_config

Match Group sftptest
        ChrootDirectory /sftp/%u
        ForceCommand internal-sftp

Restart ssh

systemctl restart ssh

Make sure the SFTP home dir is owned by root

One thing I found was that the chroot’d home directory needs to be owned by root. If the chroot SFTP homedir is owned by the user you will get a Broken pipe error:

Directory Structure
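The root-ownership requirement comes from sshd's ChrootDirectory rule: every component of the chroot path must be owned by root and not writable by group or others. The script below is an added example, not part of the original post, that walks a chroot path up to / and flags any component that breaks the rule; the function names are made up here and it assumes GNU stat, as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path the way sshd judges it.
# Function names are illustrative; requires GNU stat (Ubuntu default).

# component_ok UID MODE -> 0 if one path component satisfies sshd:
# owned by root (uid 0) and not writable by group or others.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    # MODE is octal from stat (e.g. 755, 1777); 022 = group|other write bits
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR -> checks DIR, then each parent, up to /.
# Returns 0 if every component passes, 1 if any fails,
# 2 if DIR is not an absolute path or cannot be stat'ed.
check_chroot_path() {
    case $1 in /*) ;; *) return 2 ;; esac
    path=$1
    bad=0
    while :; do
        info=$(stat -c '%u %a' "$path" 2>/dev/null) || return 2
        set -- $info
        if component_ok "$1" "$2"; then
            echo "ok   $path (uid=$1 mode=$2)"
        else
            echo "BAD  $path (uid=$1 mode=$2)"
            bad=1
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return "$bad"
}

# Run only when a path is given, e.g.: sh check_chroot.sh /sftp/sftptest
[ $# -eq 0 ] || check_chroot_path "$1"
```

With the layout from this post, /sftp/sftptest, /sftp and / should all report ok, while IN and OUT underneath stay owned by the SFTP user so uploads still work.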
