I am setting up an sftp server but want each user account chrooted to its own jail. I have followed
http://gentoo-wiki.com/HOWTO_SFTP_Se...thout_shell%29 but am having problems getting it to work. I connect using sftp but the connection is immediately closed.
I have got allowsftp in my rssh.conf and I've also got /dev/null and /dev/log inside the jail, as well as library dependencies. I actually compiled a static openssh and static rssh to minimize the need for libraries inside the jails, so really I only have the following in my jail:
Code:
srw-rw-rw- 1 root root 0 Mar 26 18:49 dev/log
crw-rw-rw- 1 root root 1, 3 Mar 27 14:43 dev/null
-rw-r--r-- 1 root root 13 Mar 27 17:48 etc/group
-rw-r--r-- 1 root root 44 Mar 27 16:49 etc/passwd
-rw-r--r-- 1 root root 59 Mar 27 17:48 etc/shadow
-rwxr-xr-x 1 root root 109696 Mar 27 14:40 lib/ld-linux.so.2
-rwxr-xr-x 1 root root 22456 Mar 27 14:40 lib/libcrypt.so.1
-rwxr-xr-x 1 root root 30836 Mar 27 14:41 lib/libnss_compat.so.2
-rwxr-xr-x 1 root root 578776 Mar 27 17:03 usr/bin/sftp
usr/lib/misc:
total 1108
-rwx--x--x 1 root root 573240 Mar 27 14:38 rssh_chroot_helper
-rwxr-xr-x 1 root root 549164 Mar 27 14:39 sftp-server
I have also got the chroot patch on my openssh installation but am unsure how to use it. I have done the /home/user/./ trick in /etc/passwd, which seems to chroot the user to their home dir, but the connection is again immediately closed without giving the sftp prompt.
Any ideas?
Do you have a better way of doing a chrooted sftp server, perhaps without libraries inside the jail?