FC3 : Failing to configure a chrooted sftp
Hi
I'm trying to configure a chrooted sftp server. I cannot get the sftp users working with a chrooted configuration. The error message is:

    $ sftp steph@OldSchool
    Connecting to OldSchool...
    steph@oldschool's password:
    Connection closed

I increased the log level of the ssh server but did not get any troubleshooting clue :(

Any help would be welcome.
Please find some additional information below.
Thanks in advance,
Guy

-- First ssh check

User steph:

    steph:x:1000:1000::/sftp_root/home/steph:/bin/bash

ssh logging -> OK
sftp logging -> OK

-- Implementation of the rssh

User steph:

    steph:x:1000:1000::/sftp_root/home/steph:/usr/bin/rssh

/etc/rssh.conf:

    logfacility = LOG_USER
    allowsftp
    umask = 022

    service sshd restart

ssh logging -> denied (normal)
sftp logging -> OK

-- Trying to chroot the user (here is where I start to face some issues)

Applied chroot.sh in the directory /sftp_root/home

/etc/rssh.conf:

    logfacility = LOG_USER
    allowsftp
    umask = 022
    chrootpath = "/usr/sbin/chroot /sftp_root/home"

    service sshd restart

sftp logging -> failed

    $ sftp steph@OldSchool
    Connecting to OldSchool...
    steph@oldschool's password:
    Connection closed

-- Configuration:

-.- head /etc/redhat-release

    Fedora Core release 3 (Heidelberg)

-.- rpm -qa | grep ssh

    openssh-server-3.9p1-8.0.1
    openssh-3.9p1-8.0.1
    rssh-2.2.3-1.1.fc3.rf
    openssh-askpass-gnome-3.9p1-8.0.1
    openssh-clients-3.9p1-8.0.1
    openssh-askpass-3.9p1-8.0.1

-.- chroot.sh

    #!/bin/bash
    # Chroot sftp script
    set -x
    # Stop if the jail root is missing, so nothing is copied into the wrong directory
    cd /sftp_root/home || exit 1
    # Binaries needed inside the jail
    mkdir -p usr/bin
    cp /usr/bin/sftp usr/bin
    cp /usr/bin/rssh usr/bin
    mkdir -p usr/libexec
    cp /usr/libexec/rssh_chroot_helper usr/libexec
    mkdir -p usr/libexec/openssh
    cp /usr/libexec/openssh/sftp-server usr/libexec/openssh
    # From :
    #   ldd /usr/bin/sftp
    #   ldd /usr/bin/rssh
    #   ldd /usr/libexec/rssh_chroot_helper
    #   ldd /usr/libexec/openssh/sftp-server
    # Libraries processing
    mkdir lib
    cp /lib/libcrypto.so.4 lib
    cp /lib/libutil.so.1 lib
    mkdir -p usr/lib
    cp /usr/lib/libz.so.1 usr/lib
    cp /lib/libnsl.so.1 lib
    cp /lib/libcrypt.so.1 lib
    cp /lib/libselinux.so.1 lib
    cp /usr/lib/libgssapi_krb5.so.2 usr/lib
    cp /usr/lib/libkrb5.so.3 usr/lib
    cp /usr/lib/libk5crypto.so.3 usr/lib
    cp /lib/libcom_err.so.2 lib
    cp /lib/libresolv.so.2 lib
    mkdir -p lib/tls/i586
    cp /lib/tls/i586/libc.so.6 lib/tls/i586/
    cp /lib/libdl.so.2 lib
    cp /lib/ld-linux.so.2 lib
Hi,
I did additional tests and the jail seems to be well created:

    [root@OldSchool home]# chroot /sftp_root/home /usr/bin/rssh
    This account is restricted by rssh.
    Allowed commands: scp
    If you believe this is in error, please contact your system administrator.

    [root@OldSchool home]# chroot /sftp_root/home /usr/bin/sftp
    usage: sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
                [-o ssh_option] [-P sftp_server_path] [-R num_requests]
                [-S program] [-s subsystem | sftp_server] host
           sftp [[user@]host[:file [file]]]
           sftp [[user@]host[:dir[/]]]
           sftp -b batchfile [user@]host

The issue seems to be linked to the rssh.conf file, but I don't see how to troubleshoot it :(

Does anyone have an idea on how to troubleshoot this issue?
Does anyone have a similar configuration working on a Fedora Core 3?

Thanks in advance,
Guy
Hi
I found the solution on http://sourceforge.net/mailarchive/f...forum_id=33294

Instead of having:

    user=steph:011:00010:"/usr/sbin/chroot /sftp_root/home"

You need to have:

    user=steph:011:00010:/sftp_root/home

PS: /var/log/messages contains troubleshooting information.

Regards,
Guy
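
The fix above comes down to the chroot field holding a directory path rather than a command line. As an added example (not part of the thread and not rssh's own code), this script lints the `chrootpath` and per-user chroot fields of an rssh.conf; the function names and the temporary directory standing in for /sftp_root/home are assumptions made for the example.

```bash
#!/bin/bash
# Added example (not from the thread): lint the chroot settings in an rssh.conf.
# Prints one line per problem; returns 1 if any problem was found, else 0.

_clean() {   # strip quote characters and surrounding whitespace
    printf '%s' "$1" | tr -d "\"'" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

_check_dir() {   # $1 = label for the message, $2 = chroot value from the config
    [ -z "$2" ] && return 0                 # empty field: no chroot requested
    [ -d "$2" ] && return 0                 # the value must name a directory
    case "$2" in
        *[[:space:]]*) echo "$1: '$2' is not a directory (command line instead of a path?)" ;;
        *)             echo "$1: '$2' is not an existing directory" ;;
    esac
    return 1
}

check_rssh_chroot() {   # $1 = path to an rssh.conf
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                    # drop comments
        case "$line" in *=*) ;; *) continue ;; esac
        key=$(_clean "${line%%=*}")
        val=$(_clean "${line#*=}")
        case "$key" in
            chrootpath) _check_dir "chrootpath" "$val" || rc=1 ;;
            user)
                # user=name:umask:access bits:path, the path is the optional 4th field
                name=${val%%:*}
                rest=${val#*:}; rest=${rest#*:}
                case "$rest" in *:*) path=${rest#*:} ;; *) path= ;; esac
                _check_dir "user $name" "$path" || rc=1 ;;
        esac
    done < "$1"
    return "$rc"
}

# Constructed demo: the failing and the corrected user line from the thread,
# pointed at a temporary directory standing in for /sftp_root/home.
demo() {
    jail=$(mktemp -d)
    printf 'allowsftp\nuser=steph:011:00010:"/usr/sbin/chroot %s"\n' "$jail" > "$jail/bad.conf"
    printf 'allowsftp\nuser=steph:011:00010:%s\n' "$jail" > "$jail/good.conf"
    check_rssh_chroot "$jail/bad.conf"  || echo "bad.conf: needs fixing"
    check_rssh_chroot "$jail/good.conf" && echo "good.conf: ok"
    rm -rf "$jail"
}
demo
```

Run `check_rssh_chroot /etc/rssh.conf` on the server itself, since the directory test only means something on the host where the jail lives.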
Failing to sftp to a chrooted user
Dear All,
I have tried many suggestions from the forum and the web, and it still does not work on my Redhat 9 with rssh installed. I made a user 'webuser1' and limited it with rssh to sftp only. All needed bin, lib, etc. are copied under /home. But after I type the password, the connection is closed.

ssh is no problem:

    #ssh webuser1@localhost
    webuser1@localhost's password:
    This account is restricted by rssh.
    Allowed commands: scp sftp
    If you believe this is in error, please contact your system administrator.
    Connection to localhost closed.

The logs for winscp:

    Jun 28 14:25:25 gpa sshd(pam_unix)[6012]: session opened for user webuser1 by (uid=502)
    Jun 28 14:25:25 gpa rssh[6013]: setting log facility to LOG_USER
    Jun 28 14:25:25 gpa rssh[6013]: allowing scp to all users
    Jun 28 14:25:25 gpa rssh[6013]: allowing sftp to all users
    Jun 28 14:25:25 gpa rssh[6013]: setting umask to 022
    Jun 28 14:25:25 gpa rssh[6013]: chrooting all users to /home
    Jun 28 14:25:25 gpa rssh[6013]: line 36: configuring user webuser1
    Jun 28 14:25:25 gpa rssh[6013]: setting webuser1's umask to 011
    Jun 28 14:25:25 gpa rssh[6013]: allowing sftp to user webuser1
    Jun 28 14:25:25 gpa rssh[6013]: chrooting webuser1 to /home/webuser1
    Jun 28 14:25:25 gpa rssh[6013]: chroot cmd line: /usr/libexec/rssh_chroot_helper "/home/webuser1" 2 "/" /usr/libexec/openssh/sftp-server
    Jun 28 14:25:25 gpa sshd(pam_unix)[6012]: session closed for user webuser1

rssh.conf:

    allowscp
    allowsftp
    chrootpath =/home
    user=webuser1:011:00011:/home/webuser1

sshd_config:

    Subsystem sftp /usr/libexec/openssh/sftp-server

Can experts help? Thanks a million!!!

I can only make it work with a non-chrooted rssh.conf:

    user=webuser1:011:00011