A systems administrator is configuring secure remote access for a user who only needs to transfer files. The administrator modifies the /etc/ssh/sshd_config file, setting Subsystem sftp to internal-sftp and adding a Match User block with a ChrootDirectory directive pointing to the user's home directory (%h). After restarting the SSH daemon, the user's SFTP connection is immediately closed after successful authentication. Which of the following is the most likely cause for this failure?
The user's assigned shell, /bin/bash, is not present within the chroot jail.
A firewall is blocking incoming connections for the SFTP service.
The ownership and permissions on the ChrootDirectory path are incorrect.
The sftp-server binary has not been copied into the chroot jail.
The correct answer is that the ChrootDirectory path and all of its parent components must be owned by the root user and not be writable by any other user or group. This is a strict security requirement of the OpenSSH daemon to prevent the chrooted user from breaking out of the jail. If /home/user is designated as the chroot directory, both /home and /home/user must be owned by root. Since a user typically needs write access to their own home directory, the standard practice is to create a subdirectory inside the home directory (e.g., /home/user/upload) owned by the user, while the home directory itself remains owned by root. The internal-sftp subsystem does not require a separate sftp-server binary or a user shell like /bin/bash to be present within the jail. Firewall rules would typically prevent the initial connection, not cause a disconnect after authentication.
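The ownership rule from the explanation above, as an added example that is not part of the original question or of OpenSSH: it walks every component of a ChrootDirectory path from / down and reports any that is not a root-owned directory closed to group and other writes. The names chroot_path_problems and fake_dir, uid 1001 and the two sample layouts are assumptions constructed for illustration.

```python
import os
import stat
import sys
from types import SimpleNamespace


def chroot_path_problems(path, stat_fn=os.stat):
    """List (component, reason) for each component of the absolute `path`,
    from / down, that is not a root-owned directory closed to group/other writes."""
    problems = []
    current = "/"
    for part in [""] + [p for p in os.path.normpath(path).split("/") if p]:
        current = os.path.join(current, part)
        st = stat_fn(current)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((current, "not a directory"))
        elif st.st_uid != 0:
            problems.append((current, f"owned by uid {st.st_uid}, not root"))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append((current, f"group/other-writable (mode {mode:04o})"))
    return problems


def fake_dir(uid, mode):
    # Constructed stat result for a directory (sample data, not a real host).
    return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)


# Constructed layouts; uid 1001 stands in for the SFTP-only user.
BROKEN = {"/": fake_dir(0, 0o755), "/home": fake_dir(0, 0o755),
          "/home/user": fake_dir(1001, 0o755)}  # home still owned by the user
FIXED = {"/": fake_dir(0, 0o755), "/home": fake_dir(0, 0o755),
         "/home/user": fake_dir(0, 0o755),
         "/home/user/upload": fake_dir(1001, 0o755)}  # writable area in the jail

if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real path on this host
        results = chroot_path_problems(sys.argv[1])
    else:  # no argument: run against the constructed broken layout
        results = chroot_path_problems("/home/user", BROKEN.__getitem__)
    for component, reason in results:
        print(f"{component}: {reason}")
    sys.exit(1 if results else 0)
```

Run with a real directory as its argument, it checks that host's path; the upload subdirectory is deliberately outside the checked path because only the chroot directory and its parents fall under the rule.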
CompTIA Linux+ XK0-006 (V8)
Security