Visit the LQ Articles and Editorials section
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 03-28-2007, 05:20 AM   #1
Registered: Jun 2005
Posts: 374

Rep: Reputation: 30
SFTP server chrooted

I am setting up an sftp server but want each user account chrooted to it's own jail. I have followed but am having problems getting it to work. I connect using sftp but the connection is immediately closed.

I have got allowsftp in my rssh.conf and I've also got /dev/null and /dev/log inside the jail, as well as library dependencies. I actually compiled a static openssh and static rssh to minimize the need for libraries inside the jails, so really I only have the following in my jail:
srw-rw-rw- 1 root root      0 Mar 26 18:49 dev/log
crw-rw-rw- 1 root root   1, 3 Mar 27 14:43 dev/null
-rw-r--r-- 1 root root     13 Mar 27 17:48 etc/group
-rw-r--r-- 1 root root     44 Mar 27 16:49 etc/passwd
-rw-r--r-- 1 root root     59 Mar 27 17:48 etc/shadow
-rwxr-xr-x 1 root root 109696 Mar 27 14:40 lib/
-rwxr-xr-x 1 root root  22456 Mar 27 14:40 lib/
-rwxr-xr-x 1 root root  30836 Mar 27 14:41 lib/
-rwxr-xr-x 1 root root 578776 Mar 27 17:03 usr/bin/sftp

total 1108
-rwx--x--x 1 root root 573240 Mar 27 14:38 rssh_chroot_helper
-rwxr-xr-x 1 root root 549164 Mar 27 14:39 sftp-server
I have also got the chroot patch on my openssh installation but am unsure how to use it. I have done the /home/user/./ trick in /etc/passwd which seems to chroot the user to their home dir but the connection is again immediately closed without giving the sftp prompt.

Any ideas?

Do you have a better way of doing a chrooted sftp server, perhaps without libraries inside the jail?

Last edited by humbletech99; 03-28-2007 at 05:21 AM.
Old 04-02-2007, 02:07 PM   #2
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 55
Try to debug the problem using strace on the server side.
Also I had talked about this some time ago:
Old 04-02-2007, 02:24 PM   #3
Registered: Jun 2005
Posts: 374

Original Poster
Rep: Reputation: 30
already got it working after some serious head scratching, thanks. I did use strace.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
sftp chrooted on samba - suggestions yogaboy Linux - Security 2 12-28-2006 09:24 AM
chrooted SFTP + FTP server TotalDefiance Linux - Server 4 12-08-2006 09:37 AM
Chrooted sftp - complete list of things to do? rose_bud4201 Linux - Networking 2 09-26-2006 07:30 PM
Problem with Scponly and chrooted SFTP kicko Mandriva 2 07-14-2006 02:10 PM
FC3 : Failing to configure a chrooted sftp gmuller Linux - Software 3 06-28-2005 02:39 AM

All times are GMT -5. The time now is 07:19 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration