# chroot+sshd



## b1ade (Dec 19, 2010)

Good day, colleagues. Please help with this situation.
Here's the thing.


```
www # uname-a
FreeBSD www.test.net 7.1-RELEASE-p5 FreeBSD 7.1-RELEASE-p5 # 0: Wed May 6 18:10:51 PDT 2009 root@bsd-basic.abac.net:
/ usr / obj / usr / src / sys / GENERIC i386
www # ssh-V
OpenSSH_5.1p1 FreeBSD-20080901, OpenSSL 0.9.8e 23 Feb 2007
```

cat / etc / ssh / sshd_config

```
# AllowAgentForwarding yes
# AllowTcpForwarding yes
# GatewayPorts no
# X11Forwarding yes
# X11DisplayOffset 10
# X11UseLocalhost yes
# PrintMotd yes
# PrintLastLog yes
# TCPKeepAlive yes
# UseLogin no
# UsePrivilegeSeparation yes
# PermitUserEnvironment no
# Compression delayed
# ClientAliveInterval 0
# ClientAliveCountMax 3
# UseDNS yes
# PidFile / var / run / sshd.pid
# MaxStartups 10
# PermitTunnel no
# ChrootDirectory none

# No default banner path
# Banner none

# Override default of no subsystems
Subsystem sftp / usr / libexec / sftp-server

# Example of overriding settings on a per-user basis
# Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
ChrootDirectory% h
Match User test
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand internal-sftp
# ChrootDirectory% h
Match User test2
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand internal-sftp
# ChrootDirectory% h
Match User test3
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand internal-sftp
```
And so on. Next we restart sshd and get the result!


```
www # / etc / rc.d / sshd restart
Stopping sshd.
Starting sshd.
/ etc / ssh / sshd_config: line 135: Bad configuration option: ChrootDirectory
/ etc / ssh / sshd_config line 135: Directive 'ChrootDirectory' is not allowed within a Match block
```

The question arises as to what to put above ChrootDirectory, and so it is above the Match block?

Please help me. ))


----------



## SirDice (Dec 20, 2010)

You have spaces in places where they don't belong and are lacking spaces in places where they should.


----------



## b1ade (Dec 20, 2010)

*chroot+ssh*


```
Match User test
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand internal-sftp
ChrootDirectory %h
```
It is written like this in my config, and I still get the exact same error.


----------



## b1ade (Dec 20, 2010)

Earlier this config worked. I commented out the ChrootDirectory lines and restarted the sshd daemon. Then I uncommented the ChrootDirectory line again, restarted the daemon, and got the error output. Please explain what the mistake could be.


----------



## b1ade (Dec 22, 2010)

The problem was solved by upgrading ssh and returning the old config files (with the chroot lines). The config was not copied! .... I left everything as is. Now everything works.


----------
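
The spacing problems pointed out in the thread, and the question of which block a `ChrootDirectory` line ends up in, can be checked mechanically before restarting the daemon. The following is an added example, not code from any poster or from OpenSSH; `lint_sshd_config`, the `KNOWN` keyword list and the two sample configs (constructed from lines quoted in the posts) are assumptions made for illustration.

```python
# Keywords used in the sshd_config posted in this thread (not sshd's full list).
KNOWN = {"subsystem", "match", "chrootdirectory", "forcecommand",
         "x11forwarding", "allowtcpforwarding"}

def lint_sshd_config(text):
    """Return (findings, chroot_scopes) for sshd_config text."""
    findings, chroot_scopes = [], []
    scope, scope_line, scope_used = "global", 0, True
    def close_scope():  # a Match block whose body is all comments does nothing
        if not scope_used:
            findings.append((scope_line, f"'{scope}' has no active directives"))
    for n, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        key, args = tokens[0].lower(), tokens[1:]
        stem = next((k for k in KNOWN if key.startswith(k)), None)
        if stem and stem != key:  # e.g. "ChrootDirectory%" glued to its argument
            findings.append((n, f"no space after '{stem}': {tokens[0]!r}"))
            key = stem
        if "/" in args:  # a path broken up as "/ usr / libexec / ..."
            findings.append((n, "path argument is split by spaces"))
        if key == "match":  # every later line belongs to this block
            close_scope()
            scope, scope_line, scope_used = "Match " + " ".join(args), n, False
            continue
        scope_used = True
        if key == "chrootdirectory":
            chroot_scopes.append((n, scope))
    close_scope()
    return findings, chroot_scopes

# Constructed samples: lines copied from the first post and from the follow-up.
POSTED = """Subsystem sftp / usr / libexec / sftp-server
# Match User anoncvs
ChrootDirectory% h
Match User test
# ForceCommand internal-sftp
# ChrootDirectory% h
Match User test2
# ForceCommand internal-sftp
"""
FIXED = """Subsystem sftp /usr/libexec/sftp-server
Match User test
# ForceCommand internal-sftp
ChrootDirectory %h
"""

if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(name, *lint_sshd_config(cfg), sep="\n  ")
```

This only checks layout and scope; the daemon's own test mode, `sshd -t -f /etc/ssh/sshd_config`, validates the file against the keywords that particular sshd binary supports.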

