SFTP server chrooted

humbletech99 · 03-28-2007, 04:20 AM

I am setting up an sftp server but want each user account chrooted to it's own jail. I have followed http://gentoo-wiki.com/HOWTO_SFTP_Se...thout_shell%29 but am having problems getting it to work. I connect using sftp but the connection is immediately closed.

I have got allowsftp in my rssh.conf and I've also got /dev/null and /dev/log inside the jail, as well as library dependencies. I actually compiled a static openssh and static rssh to minimize the need for libraries inside the jails, so really I only have the following in my jail:

Code:

srw-rw-rw- 1 root root      0 Mar 26 18:49 dev/log
crw-rw-rw- 1 root root   1, 3 Mar 27 14:43 dev/null
-rw-r--r-- 1 root root     13 Mar 27 17:48 etc/group
-rw-r--r-- 1 root root     44 Mar 27 16:49 etc/passwd
-rw-r--r-- 1 root root     59 Mar 27 17:48 etc/shadow
-rwxr-xr-x 1 root root 109696 Mar 27 14:40 lib/ld-linux.so.2
-rwxr-xr-x 1 root root  22456 Mar 27 14:40 lib/libcrypt.so.1
-rwxr-xr-x 1 root root  30836 Mar 27 14:41 lib/libnss_compat.so.2
-rwxr-xr-x 1 root root 578776 Mar 27 17:03 usr/bin/sftp

usr/lib/misc:
total 1108
-rwx--x--x 1 root root 573240 Mar 27 14:38 rssh_chroot_helper
-rwxr-xr-x 1 root root 549164 Mar 27 14:39 sftp-server

I have also got the chroot patch on my openssh installation but am unsure how to use it. I have done the /home/user/./ trick in /etc/passwd which seems to chroot the user to their home dir but the connection is again immediately closed without giving the sftp prompt.

Any ideas?

Do you have a better way of doing a chrooted sftp server, perhaps without libraries inside the jail?

nx5000 · 04-02-2007, 01:07 PM

Try to debug the problem using strace on the server side.
Also I had talked about this some time ago:
https://www.linuxquestions.org/quest...d.php?t=415231

humbletech99 · 04-02-2007, 01:24 PM

already got it working after some serious head scratching, thanks. I did use strace.