I'm running OpenSSH on Cygwin, which I'm trying to use as an SFTP server only. I installed it first with just the default settings (external SFTP server sftp-server) and it worked. I was able to run PuTTY's PSFTP and "open localhost" and browse my files.
However, for security I wanted to:
- Only allow SFTP access (not SSH)
- Only allow me to login (not other users)
- Only allow me to browse my own home directory
- Only allow read-only access
To achieve this I put the following at the end of /etc/sshd_config:
Subsystem sftp internal-sftp
Match User myusername
ChrootDirectory /home/myusername
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp -d / -R
Match User !myusername
ForceCommand echo 'successful login man, congrats'
(The last part is from this answer, which essentially prevents the matching user from logging in.)
Note that I also added -d / to the internal-sftp command line, as it told me it defaults to the home directory, so I thought it might try to load /home/myusername by default, which would map to /home/myusername/home/myusername on the real system (a path that does not exist).
However when trying to login, I now get the following error:
psftp> open localhost
login as: myusername
myusername@localhost's password:
Fatal: unable to initialise SFTP: could not connect
psftp>
Interestingly though, I am on the server, just not actually on the SFTP:
psftp> open localhost
login as: myusername
myusername@localhost's password:
Fatal: unable to initialise SFTP: could not connect
psftp> open localhost
psftp: already connected
psftp> pwd
Remote directory is (null)
psftp>
What am I doing wrong, or how can I get logs for further troubleshooting?
/usr/sbin/sshd -D -d -p 2222 and try to connect, check the debug output.
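The following is an added example, not code from the question or the comment above, and not part of OpenSSH. It implements the rule stock sshd applies before it will honour ChrootDirectory: every component of the path, from / down to the directory itself, must be owned by root (uid 0) and must not be writable by group or others. When that rule is violated sshd drops the session immediately after authentication, which the client sees as a connection that authenticates but never reaches the SFTP subsystem. The helper names component_ok and check_chroot_path are made up for this example; it assumes GNU coreutils stat (present on Cygwin and Linux), and whether your Cygwin sshd treats uid 0 as root is an assumption to verify against your own /etc/passwd.

```shell
#!/bin/sh
# Added example: check a ChrootDirectory path against sshd's ownership
# and permission rule, then show the two sshd flags that expose what a
# Match block actually did for a given user.

# component_ok MODE UID -> 0 if a directory with these octal permission
# bits and owner uid would be accepted by sshd as a chroot path component.
# Rule: owner must be uid 0 and neither group nor others may have write.
component_ok() {
    mode=$1
    uid=$2
    [ "$uid" -eq 0 ] || return 1
    # Keep the low three octal digits (GNU stat prints "1777" for a sticky
    # dir), then mask the group-write (020) and other-write (002) bits.
    # The leading 0 makes the shell parse the digits as octal.
    perm=$(printf '%s' "$mode" | sed 's/.*\(...\)$/\1/')
    [ $(( 0$perm & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR -> prints the first offending component and
# returns 1; prints nothing and returns 0 if every component is acceptable;
# returns 2 if a component cannot be stat'ed.
check_chroot_path() {
    rest=${1#/}        # path relative to /, e.g. "home/myusername"
    path=/
    while :; do
        mode=$(stat -c '%a' "$path") || return 2
        uid=$(stat -c '%u' "$path") || return 2
        if ! component_ok "$mode" "$uid"; then
            printf '%s (mode %s, uid %s)\n' "$path" "$mode" "$uid"
            return 1
        fi
        [ -n "$rest" ] || return 0
        # Peel the next component off the remaining path and descend.
        comp=${rest%%/*}
        case "$rest" in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        if [ "$path" = / ]; then path="/$comp"; else path="$path/$comp"; fi
    done
}

# Usage: sh chroot_check.sh /home/myusername [sshd_user]
main() {
    if bad=$(check_chroot_path "$1"); then
        echo "ok: every component of $1 satisfies sshd's ChrootDirectory rule"
    else
        echo "bad component: $bad"
        echo "fix with: chown root:<group> <dir> && chmod 755 <dir>"
    fi
    if command -v sshd >/dev/null 2>&1; then
        # -t validates sshd_config syntax; -T -C user=NAME prints the
        # effective configuration after Match blocks are applied for NAME,
        # so you can see which ForceCommand/ChrootDirectory actually won.
        sshd -t && sshd -T -C user="${2:-$USER}" \
            | grep -iE 'forcecommand|chrootdirectory|subsystem'
    fi
    # Next step: run sshd in the foreground on a spare port and watch its
    # output while connecting with: psftp -P 2222 myusername@localhost
    echo "then: /usr/sbin/sshd -D -d -p 2222"
}

[ $# -gt 0 ] && main "$@"
```

The read-only and SFTP-only parts of the config are enforced by internal-sftp and ForceCommand; the chroot is the only piece sshd refuses to apply silently, so it is the first thing to check when authentication succeeds but the subsystem never starts.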