3

I have a home PC and I created a reverse port forwarding to a server. Now I would like to give some people access to the home PC through this server. I would like to control the access of the user on this server, so I added the following lines to /etc/ssh/sshd_config:

Match User restricteduser
   ChrootDirectory /home/restricteduser
   AllowAgentForwarding no
   PermitOpen localhost:3333

but when I'm trying to connect to the server

ssh restricteduser@serverIP
restricteduser@serverIP's password:

I'm getting the following error:

Write failed: Connection reset by peer
jrg
  • 60,611
Mokus
  • 4,502

1 Answer

4

The logfiles for the ssh daemon should give you specific information on what's happening here. Check /var/log/auth.log.

However, I suspect that the ChrootDirectory is what is causing problems.

When remoteuser logs in, the ssh daemon tries to chroot to /home/restricteduser and start restricteduser's shell (probably /bin/bash). Because it's chrooted, the ssh daemon will be looking for /home/restricteduser/bin/bash.

Additionally, any libraries needed by the shell need to be present in the chroot (check with ldd /bin/bash), and the same applies to any files that the shell expects to be available when started. If the ssh daemon itself needs access to files, they will need to be present too.

If restricteduser is to run any programs once logged in, they'll need to be in the chroot too, as well as their dependent libraries/files.

This can get quite complex. If you're simply looking to provide port-forwarding, check out the answer to "How to create a restricted SSH user for port forwarding?"

Jeremy Kerr
  • 27,199
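
The requirement described in the answer above (the shell and every library `ldd` reports must exist inside the chroot) can be checked mechanically. This is an added example, not part of the original answer; the function names `chroot_deps`, `chroot_missing` and `chroot_populate` are hypothetical helpers, and a Linux host with `ldd` is assumed.

```shell
#!/bin/sh
# Added example: report what a ChrootDirectory lacks for a given program.
# Helper names are hypothetical; run ldd only on binaries you trust.

# Print the program path plus every absolute library path ldd resolves for it.
chroot_deps() {
    prog=$1
    printf '%s\n' "$prog"
    # ldd lines look like "libc.so.6 => /lib/.../libc.so.6 (0x...)" or
    # "/lib64/ld-linux-x86-64.so.2 (0x...)"; keep only the absolute paths.
    # A static binary makes ldd fail, which leaves just the program itself.
    { ldd "$prog" 2>/dev/null || true; } | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }'
}

# Print each dependency that does not exist under the chroot.
# Empty output means the program and all of its libraries are in place.
chroot_missing() {
    root=${1%/}
    chroot_deps "$2" | sort -u | while IFS= read -r f; do
        [ -e "$root$f" ] || printf '%s\n' "$f"
    done
}

# Copy the program and its libraries into the chroot, keeping their paths.
chroot_populate() {
    root=${1%/}
    chroot_deps "$2" | sort -u | while IFS= read -r f; do
        mkdir -p "$root$(dirname "$f")"
        cp -L "$f" "$root$f"
    done
}
```

For the configuration in the question, `chroot_missing /home/restricteduser /bin/bash` lists the files the login shell would not find after the chroot. Other files the shell expects at startup, which the answer also mentions, are not covered by `ldd` and still need a manual check.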