LinuxQuestions.org
Old 06-04-2005, 08:32 PM   #1
gmuller
LQ Newbie
 
Registered: Jun 2005
Location: NY (USA)
Distribution: Fedora 3
Posts: 3

Rep: Reputation: 0
FC3 : Failing to configure a chrooted sftp


Hi

I'm trying to configure a chrooted sftp server.
I cannot get the sftp users with a chrooted configuration.
The error message is :
$ sftp steph@OldSchool
Connecting to OldSchool...
steph@oldschool's password:
Connection closed

I increased the log level of the ssh server but did not get any troubleshooting clue

Any help would be welcome,

Please find some additional information,

Thanks in advance,

Guy

-- First ssh check
User steph :
steph:x:1000:1000::/sftp_root/home/steph:/bin/bash

ssh logging -> OK
sftp logging -> OK

-- Implementation of the rssh
User steph :
steph:x:1000:1000::/sftp_root/home/steph:/usr/bin/rssh

/etc/rssh.conf :
logfacility = LOG_USER
allowsftp
umask = 022

service sshd restart

ssh logging -> denied (normal)
sftp logging -> OK

-- Trying to chroot the user (here is where I start to face some issues)
Applied chroot.sh in the directory /sftp_root/home

/etc/rssh.conf :
logfacility = LOG_USER
allowsftp
umask = 022
chrootpath = "/usr/sbin/chroot /sftp_root/home"

service sshd restart

sftp logging -> failed
$ sftp steph@OldSchool
Connecting to OldSchool...
steph@oldschool's password:
Connection closed

-- Configuration :
-.- head /etc/redhat-release
Fedora Core release 3 (Heidelberg)

-.- rpm -qa | grep ssh
openssh-server-3.9p1-8.0.1
openssh-3.9p1-8.0.1
rssh-2.2.3-1.1.fc3.rf
openssh-askpass-gnome-3.9p1-8.0.1
openssh-clients-3.9p1-8.0.1
openssh-askpass-3.9p1-8.0.1

-.- chroot.sh
#!/bin/bash
# Chroot sftp script

set -x
cd /sftp_root/home
mkdir -p usr/bin
cp /usr/bin/sftp usr/bin
cp /usr/bin/rssh usr/bin
mkdir -p usr/libexec
cp /usr/libexec/rssh_chroot_helper usr/libexec
mkdir -p usr/libexec/openssh
cp /usr/libexec/openssh/sftp-server usr/libexec/openssh

# From :
ldd /usr/bin/sftp
ldd /usr/bin/rssh
ldd /usr/libexec/rssh_chroot_helper
ldd /usr/libexec/openssh/sftp-server

# Libraries processing
mkdir -p lib
cp /lib/libcrypto.so.4 lib
cp /lib/libutil.so.1 lib
mkdir -p usr/lib
cp /usr/lib/libz.so.1 usr/lib
cp /lib/libnsl.so.1 lib
cp /lib/libcrypt.so.1 lib
cp /lib/libselinux.so.1 lib
cp /usr/lib/libgssapi_krb5.so.2 usr/lib
cp /usr/lib/libkrb5.so.3 usr/lib
cp /usr/lib/libk5crypto.so.3 usr/lib
cp /lib/libcom_err.so.2 lib
cp /lib/libresolv.so.2 lib
mkdir -p lib/tls/i586
cp /lib/tls/i586/libc.so.6 lib/tls/i586/
cp /lib/libdl.so.2 lib
cp /lib/ld-linux.so.2 lib
 
Old 06-05-2005, 09:11 AM   #2
gmuller
Original Poster
Hi,

I did additional tests and the jail seems to be well created :

[root@OldSchool home]# chroot /sftp_root/home /usr/bin/rssh

This account is restricted by rssh.
Allowed commands: scp

If you believe this is in error, please contact your system administrator.

[root@OldSchool home]# chroot /sftp_root/home /usr/bin/sftp
usage: sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
[-o ssh_option] [-P sftp_server_path] [-R num_requests]
[-S program] [-s subsystem | sftp_server] host
sftp [[user@]host[:file [file]]]
sftp [[user@]host[:dir[/]]]
sftp -b batchfile [user@]host

The issue seems to be linked to the rssh.conf file, but I don't see how to troubleshoot it

Does anyone have an idea on how to troubleshoot this issue ?
Does anyone have a similar configuration working on a Fedora core 3 ?

Thanks in advance,

Guy
 
Old 06-05-2005, 11:25 AM   #3
gmuller
Original Poster
Hi

I found the solution on http://sourceforge.net/mailarchive/f...forum_id=33294

Instead of having :
user=steph:011:00010:"/usr/sbin/chroot /sftp_root/home"

You need to have :
user=steph:011:00010:/sftp_root/home

PS : /var/log/messages contains troubleshooting information.

Regards,

Guy
 
Old 06-28-2005, 01:39 AM   #4
keroppi
LQ Newbie
 
Registered: Jun 2005
Posts: 1

Rep: Reputation: 0
Failing to sftp to a chrooted user

Dear All,
I have tried many suggestions from the forum and the web, and it still does not work on my Red Hat 9 with rssh installed.
I made a user 'webuser1' and limited it with rssh so that it is only able to use sftp. All needed bin, lib, etc. are copied under /home. But after typing the password, the connection is closed.

ssh is no problem:

#ssh webuser1@localhost
webuser1@localhost's password:

This account is restricted by rssh.
Allowed commands: scp sftp

If you believe this is in error, please contact your system administrator.

Connection to localhost closed.

The logs for winscp:
Jun 28 14:25:25 gpa sshd(pam_unix)[6012]: session opened for user webuser1 by (uid=502)
Jun 28 14:25:25 gpa rssh[6013]: setting log facility to LOG_USER
Jun 28 14:25:25 gpa rssh[6013]: allowing scp to all users
Jun 28 14:25:25 gpa rssh[6013]: allowing sftp to all users
Jun 28 14:25:25 gpa rssh[6013]: setting umask to 022
Jun 28 14:25:25 gpa rssh[6013]: chrooting all users to /home
Jun 28 14:25:25 gpa rssh[6013]: line 36: configuring user webuser1
Jun 28 14:25:25 gpa rssh[6013]: setting webuser1's umask to 011
Jun 28 14:25:25 gpa rssh[6013]: allowing sftp to user webuser1
Jun 28 14:25:25 gpa rssh[6013]: chrooting webuser1 to /home/webuser1
Jun 28 14:25:25 gpa rssh[6013]: chroot cmd line: /usr/libexec/rssh_chroot_helper "/home/webuser1" 2 "/" /usr/libexec/openssh/sftp-server
Jun 28 14:25:25 gpa sshd(pam_unix)[6012]: session closed for user webuser1

rssh.conf:
allowscp
allowsftp
chrootpath =/home
user=webuser1:011:00011:/home/webuser1

sshd_config:
Subsystem sftp /usr/libexec/openssh/sftp-server

Can experts help? Thanks a million!!!

I can only make it work with rssh.conf not chrooted: user=webuser1:011:00011
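
Added example, not part of any post in this thread and not rssh's own code: a shell lint for the two things this thread turns on, that the path field of a `chrootpath` or `user=` line names a directory rather than a command line (post #3), and that the jail holds the sftp-server binary at the path given in post #4's sshd_config. The function names, result strings and the scratch tree built by `demo` are constructed for illustration.

```shell
#!/bin/bash
# Added example: lint the chroot path of rssh.conf lines. Not part of rssh.

SFTP_SERVER=/usr/libexec/openssh/sftp-server   # Subsystem path quoted in post #4

# Print the chroot path set by one rssh.conf line (empty if it sets none).
chroot_field() {
    local value
    case $1 in
        chrootpath*=*) value=${1#*=} ;;
        user*=*:*:*:*) value=${1#*=}            # user=name:umask:access bits:path
                       value=${value#*:}; value=${value#*:}; value=${value#*:} ;;
        *) return 0 ;;
    esac
    # Trim blanks and surrounding double quotes.
    printf '%s\n' "$value" | sed -e 's/^[[:space:]"]*//' -e 's/[[:space:]"]*$//'
}

# lint_line LINE [ROOT]: ROOT is prefixed to the path so the check can be
# run against a scratch tree; leave it empty on a live system.
lint_line() {
    local path
    path=$(chroot_field "$1")
    if [ -z "$path" ]; then echo "no-chroot"; return 0; fi
    case $path in /*) ;; *) echo "not-absolute"; return 1 ;; esac
    [ -d "$2$path" ] || { echo "not-a-directory"; return 1; }
    [ -x "$2$path$SFTP_SERVER" ] || { echo "no-sftp-server-in-jail"; return 1; }
    echo "ok"
}

# Constructed demo: a scratch tree with one populated jail and one empty one.
demo() {
    local root line
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sftp_root/home$(dirname "$SFTP_SERVER")" "$root/home/webuser1"
    : > "$root/sftp_root/home$SFTP_SERVER"
    chmod +x "$root/sftp_root/home$SFTP_SERVER"
    while IFS= read -r line; do
        printf '%-24s %s\n' "$(lint_line "$line" "$root")" "$line"
    done <<'EOF'
user=steph:011:00010:"/usr/sbin/chroot /sftp_root/home"
user=steph:011:00010:/sftp_root/home
user=webuser1:011:00011:/home/webuser1
user=webuser1:011:00011
EOF
    rm -rf "$root"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to see the four constructed lines classified; on a real host, call `lint_line` with each line of /etc/rssh.conf and no second argument.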
 
  

