On Sat, Jan 17, 2026 at 09:02:22AM -0000, Stuart Henderson wrote:
> On 2026-01-17, Sylvain Saboua <[email protected]> wrote:
> > I get the following in /var/log/authlog on my server:
> > Jan 17 02:17:16 lap sshd-session[82216]: Accepted none for anonymous
> > from 10.0.0.21 port 57399 ssh2
> > Jan 17 02:17:16 lap sshd-session[75831]: fatal: bad ownership or modes
> > for chroot directory "/home/git"
> >
> > Yet :
> >
> > $ ls -ld /home/git
> > drwxr-x--- 6 _gotd _gotd 512 Jan 16 23:41 /home/git/
>
> the ChrootDirectory path must be owned by root, sshd will then
> change to $ChrootDirectory/$homedir. see the first parsgraph of
> sshd_config(5)'s description of ChrootDirectory.
Provided the anonymous user is using gotsh as the shell (which it should)
then there is no benefit from using chroot. The gotsh main loop runs under
pledge("stdio recvfd"); and thus cannot access the filesystem anyway.
