LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-28-2007, 05:20 AM   #1
humbletech99
Member
 
Registered: Jun 2005
Posts: 374

Rep: Reputation: 30
SFTP server chrooted


I am setting up an sftp server but want each user account chrooted to it's own jail. I have followed http://gentoo-wiki.com/HOWTO_SFTP_Se...thout_shell%29 but am having problems getting it to work. I connect using sftp but the connection is immediately closed.

I have got allowsftp in my rssh.conf and I've also got /dev/null and /dev/log inside the jail, as well as library dependencies. I actually compiled a static openssh and static rssh to minimize the need for libraries inside the jails, so really I only have the following in my jail:
Code:
srw-rw-rw- 1 root root      0 Mar 26 18:49 dev/log
crw-rw-rw- 1 root root   1, 3 Mar 27 14:43 dev/null
-rw-r--r-- 1 root root     13 Mar 27 17:48 etc/group
-rw-r--r-- 1 root root     44 Mar 27 16:49 etc/passwd
-rw-r--r-- 1 root root     59 Mar 27 17:48 etc/shadow
-rwxr-xr-x 1 root root 109696 Mar 27 14:40 lib/ld-linux.so.2
-rwxr-xr-x 1 root root  22456 Mar 27 14:40 lib/libcrypt.so.1
-rwxr-xr-x 1 root root  30836 Mar 27 14:41 lib/libnss_compat.so.2
-rwxr-xr-x 1 root root 578776 Mar 27 17:03 usr/bin/sftp

usr/lib/misc:
total 1108
-rwx--x--x 1 root root 573240 Mar 27 14:38 rssh_chroot_helper
-rwxr-xr-x 1 root root 549164 Mar 27 14:39 sftp-server
I have also got the chroot patch on my openssh installation but am unsure how to use it. I have done the /home/user/./ trick in /etc/passwd which seems to chroot the user to their home dir but the connection is again immediately closed without giving the sftp prompt.

Any ideas?

Do you have a better way of doing a chrooted sftp server, perhaps without libraries inside the jail?

Last edited by humbletech99; 03-28-2007 at 05:21 AM.
 
Old 04-02-2007, 02:07 PM   #2
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 53
Try to debug the problem using strace on the server side.
Also I had talked about this some time ago:
https://www.linuxquestions.org/quest...d.php?t=415231
 
Old 04-02-2007, 02:24 PM   #3
humbletech99
Member
 
Registered: Jun 2005
Posts: 374

Original Poster
Rep: Reputation: 30
already got it working after some serious head scratching, thanks. I did use strace.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
sftp chrooted on samba - suggestions yogaboy Linux - Security 2 12-28-2006 09:24 AM
chrooted SFTP + FTP server TotalDefiance Linux - Server 4 12-08-2006 09:37 AM
Chrooted sftp - complete list of things to do? rose_bud4201 Linux - Networking 2 09-26-2006 07:30 PM
Problem with Scponly and chrooted SFTP kicko Mandriva 2 07-14-2006 02:10 PM
FC3 : Failing to configure a chrooted sftp gmuller Linux - Software 3 06-28-2005 02:39 AM


All times are GMT -5. The time now is 06:46 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration