LinuxQuestions.org


gmuller 06-04-2005 08:32 PM

FC3 : Failing to configure a chrooted sftp
 
Hi

I'm trying to configure a chrooted sftp server.
I cannot get the sftp users to work with a chrooted configuration.
The error message is :
$ sftp steph@OldSchool
Connecting to OldSchool...
steph@oldschool's password:
Connection closed

I increased the log level of the ssh server but did not get any troubleshooting clue :(

Any help would be welcome,

Please find some additional information below,

Thanks in advance,

Guy

-- First ssh check
User steph :
steph:x:1000:1000::/sftp_root/home/steph:/bin/bash

ssh logging -> OK
sftp logging -> OK

-- Implementation of the rssh
User steph :
steph:x:1000:1000::/sftp_root/home/steph:/usr/bin/rssh

/etc/rssh.conf :
logfacility = LOG_USER
allowsftp
umask = 022

service sshd restart

ssh logging -> denied (normal)
sftp logging -> OK

-- Trying to chroot the user (here is where I start to face some issues)
Applied chroot.sh in the directory /sftp_root/home

/etc/rssh.conf :
logfacility = LOG_USER
allowsftp
umask = 022
chrootpath = "/usr/sbin/chroot /sftp_root/home"

service sshd restart

sftp logging -> failed
$ sftp steph@OldSchool
Connecting to OldSchool...
steph@oldschool's password:
Connection closed

-- Configuration :
-.- head /etc/redhat-release
Fedora Core release 3 (Heidelberg)

-.- rpm -qa | grep ssh
openssh-server-3.9p1-8.0.1
openssh-3.9p1-8.0.1
rssh-2.2.3-1.1.fc3.rf
openssh-askpass-gnome-3.9p1-8.0.1
openssh-clients-3.9p1-8.0.1
openssh-askpass-3.9p1-8.0.1

-.- chroot.sh
#!/bin/bash
# Chroot sftp script

set -x
cd /sftp_root/home
mkdir -p usr/bin
cp /usr/bin/sftp usr/bin
cp /usr/bin/rssh usr/bin
mkdir -p usr/libexec
cp /usr/libexec/rssh_chroot_helper usr/libexec
mkdir -p usr/libexec/openssh
cp /usr/libexec/openssh/sftp-server usr/libexec/openssh

# Library list taken from the output of:
ldd /usr/bin/sftp
ldd /usr/bin/rssh
ldd /usr/libexec/rssh_chroot_helper
ldd /usr/libexec/openssh/sftp-server

# Copy the libraries into the jail
mkdir -p lib
cp /lib/libcrypto.so.4 lib
cp /lib/libutil.so.1 lib
mkdir -p usr/lib
cp /usr/lib/libz.so.1 usr/lib
cp /lib/libnsl.so.1 lib
cp /lib/libcrypt.so.1 lib
cp /lib/libselinux.so.1 lib
cp /usr/lib/libgssapi_krb5.so.2 usr/lib
cp /usr/lib/libkrb5.so.3 usr/lib
cp /usr/lib/libk5crypto.so.3 usr/lib
cp /lib/libcom_err.so.2 lib
cp /lib/libresolv.so.2 lib
mkdir -p lib/tls/i586
cp /lib/tls/i586/libc.so.6 lib/tls/i586/
cp /lib/libdl.so.2 lib
cp /lib/ld-linux.so.2 lib

gmuller 06-05-2005 09:11 AM

Hi,

I did additional tests and the jail seems to be created correctly:

[root@OldSchool home]# chroot /sftp_root/home /usr/bin/rssh

This account is restricted by rssh.
Allowed commands: scp

If you believe this is in error, please contact your system administrator.

[root@OldSchool home]# chroot /sftp_root/home /usr/bin/sftp
usage: sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
[-o ssh_option] [-P sftp_server_path] [-R num_requests]
[-S program] [-s subsystem | sftp_server] host
sftp [[user@]host[:file [file]]]
sftp [[user@]host[:dir[/]]]
sftp -b batchfile [user@]host

The issue seems to be linked to the rssh.conf file, but I don't see how to troubleshoot it :(

Does anyone have an idea on how to troubleshoot this issue ?
Does anyone have a similar configuration working on a Fedora core 3 ?

Thanks in advance,

Guy

gmuller 06-05-2005 11:25 AM

Hi

I found the solution on http://sourceforge.net/mailarchive/f...forum_id=33294

Instead of having :
user=steph:011:00010:"/usr/sbin/chroot /sftp_root/home"

You need to have :
user=steph:011:00010:/sftp_root/home

PS : /var/log/messages contains troubleshooting information.

Regards,

Guy
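
The fix above comes down to the chroot field holding the jail directory itself rather than a command line. As an added example (not part of the original posts), this shell function lints an rssh.conf-style file for that mistake; it assumes the line forms quoted in this thread, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint the chroot settings in rssh.conf.
# Assumed line forms, as posted above: chrootpath = PATH and
# user=NAME:UMASK:ACCESS[:PATH]; double quotes are stripped before checking.
clean() {  # remove double quotes and surrounding whitespace
    printf '%s' "$1" | tr -d '"' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Prints "OK|BAD line N: PATH" per chroot setting; returns 1 if any is BAD.
check_rssh_chroot() {
    status=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=$(clean "${line%%#*}")          # drop comments and quotes
        case $line in
            chrootpath*=*) path=$(clean "${line#*=}") ;;
            user*=*)
                rest=${line#*=}; rest=${rest#*:}; rest=${rest#*:}
                case $rest in
                    *:*) path=$(clean "${rest#*:}") ;;
                    *) continue ;;           # no per-user chroot field
                esac ;;
            *) continue ;;
        esac
        [ -n "$path" ] || continue
        # The value is used as the jail directory itself (see the fix above),
        # so it must be an existing absolute directory, not a command line.
        verdict=BAD
        case $path in /*) [ -d "$path" ] && verdict=OK ;; esac
        [ "$verdict" = OK ] || status=1
        printf '%s line %s: %s\n' "$verdict" "$lineno" "$path"
    done < "$1"
    return "$status"
}

# Constructed sample: the failing and the working form from this thread.
demo_conf() {
    d=$(mktemp -d) && mkdir -p "$d/sftp_root/home"
    printf '%s\n' 'allowsftp' \
        "chrootpath = \"/usr/sbin/chroot $d/sftp_root/home\"" \
        "user=steph:011:00010:$d/sftp_root/home" > "$d/rssh.conf"
    check_rssh_chroot "$d/rssh.conf" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}

# With a file argument, lint that file; with none, run the constructed demo.
if [ "$#" -gt 0 ]; then check_rssh_chroot "$1"; else demo_conf || :; fi
```
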

keroppi 06-28-2005 01:39 AM

Failing to sftp to a chrooted user
 
Dear All,
I have tried many suggestions from the forum and the web, and it still does not work on my Red Hat 9 with rssh installed.
I made a user 'webuser1' and limited it with rssh so that it can only sftp. All needed bin, lib, etc. are copied under /home. But after typing the password, the connection is closed.

ssh is no problem:

#ssh webuser1@localhost
webuser1@localhost's password:

This account is restricted by rssh.
Allowed commands: scp sftp

If you believe this is in error, please contact your system administrator.

Connection to localhost closed.

The logs for winscp:
Jun 28 14:25:25 gpa sshd(pam_unix)[6012]: session opened for user webuser1 by (uid=502)
Jun 28 14:25:25 gpa rssh[6013]: setting log facility to LOG_USER
Jun 28 14:25:25 gpa rssh[6013]: allowing scp to all users
Jun 28 14:25:25 gpa rssh[6013]: allowing sftp to all users
Jun 28 14:25:25 gpa rssh[6013]: setting umask to 022
Jun 28 14:25:25 gpa rssh[6013]: chrooting all users to /home
Jun 28 14:25:25 gpa rssh[6013]: line 36: configuring user webuser1
Jun 28 14:25:25 gpa rssh[6013]: setting webuser1's umask to 011
Jun 28 14:25:25 gpa rssh[6013]: allowing sftp to user webuser1
Jun 28 14:25:25 gpa rssh[6013]: chrooting webuser1 to /home/webuser1
Jun 28 14:25:25 gpa rssh[6013]: chroot cmd line: /usr/libexec/rssh_chroot_helper "/home/webuser1" 2 "/" /usr/libexec/openssh/sftp-server
Jun 28 14:25:25 gpa sshd(pam_unix)[6012]: session closed for user webuser1

rssh.conf:
allowscp
allowsftp
chrootpath =/home
user=webuser1:011:00011:/home/webuser1

sshd_config:
Subsystem sftp /usr/libexec/openssh/sftp-server

Can any experts help? Thanks a million!!!

I can only make it work with a non-chrooted entry in rssh.conf: user=webuser1:011:00011
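
The "chroot cmd line" log entry above shows sftp-server being started with /home/webuser1 as the chroot directory, so the binary and its libraries have to exist at the same paths under that directory. An added example, not part of the original posts: a shell function that takes `ldd` output on stdin and lists what a jail is missing; the function names and the sample `ldd` lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report what a chroot jail is missing.
# Real use (paths as in the log above):
#   ldd /usr/libexec/openssh/sftp-server |
#       missing_in_jail /home/webuser1 /usr/libexec/openssh/sftp-server

# missing_in_jail JAIL BINARY...
# Reads ldd output on stdin; prints each absolute path (the binaries plus
# their libraries) that is absent under JAIL. Returns 1 if any is missing.
missing_in_jail() {
    jail=$1; shift
    {
        printf '%s\n' "$@"
        # Keep the path from "name => /path (0x...)" and "/path (0x...)" lines;
        # entries without a file on disk (no path after "=>") are skipped.
        sed -n -e 's|^.*=> *\(/[^ ]*\).*$|\1|p' \
               -e 's|^[[:space:]]*\(/[^ ]*\) (0x.*$|\1|p'
    } | sort -u | (
        rc=0
        while IFS= read -r p; do
            [ -e "$jail$p" ] || { printf '%s\n' "$p"; rc=1; }
        done
        exit "$rc"
    )
}

# Constructed sample: a jail holding sftp-server and only one of its libraries.
demo_jail() {
    j=$(mktemp -d) && mkdir -p "$j/usr/libexec/openssh" "$j/lib"
    : > "$j/usr/libexec/openssh/sftp-server"; : > "$j/lib/libcrypto.so.4"
    missing_in_jail "$j" /usr/libexec/openssh/sftp-server <<'EOF' && rc=0 || rc=$?
    libcrypto.so.4 => /lib/libcrypto.so.4 (0x00b1c000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00a4e000)
    libc.so.6 => /lib/tls/i586/libc.so.6 (0x0090c000)
    /lib/ld-linux.so.2 (0x008f3000)
EOF
    rm -rf "$j"; return "$rc"
}

# With JAIL and BINARY arguments, check ldd output from stdin; else run the demo.
if [ "$#" -gt 1 ]; then missing_in_jail "$@"; else demo_jail || :; fi
```
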

