10-01-2006, 12:52 PM   #1
Working Script chroot rssh tested on FC5

Well, I wanted to set up a chrooted ssh to allow users to sftp to my server for file transfer. The chroot ssh site "" seems to be down for some reason, so I moved to rssh, with no need to patch openssh. I had trouble getting it to work, and after long hours of hair pulling, success. I just wanted to share this with others so they don't waste time figuring out what's bloody wrong.

In my case (testing with WinSCP) the connection would close after authenticating the user.

The problem:

The permissions on /chroot_path/dev/null & /chroot_path/dev/zero were not chmod 666. Sheeshhh.

I have tested this on a Fedora Core 5 distro and it would work on Red Hat distros and possibly on others.

Download Rssh from:

Configure /etc/rssh.conf for chroot.

Some things I do manually: creating the sftp user's home directory under the chroot jail home directory, chown the directory to the user and chmod 770 the user's home dir, and copying the user's entry from /etc/passwd & group to the chroot jail etc directory.

In my passwd the entry is like:


Also edit /etc/sysconfig/syslog

and replace


SYSLOGD_OPTIONS="-m 0 -a /chroot_jail_path/dev/log"

service syslog restart

otherwise the last rssh log entry in /var/log/messages will always be:

chroot cmd line: /usr/libexec/rssh_chroot_helper 2 /usr/libexec/openssh/sftp-server"
because after chrooting it can't find /dev/log in the jail.

The following is my modified version of a script to create the chroot jail environment that I found on some site.

Copy and paste the code in a file called "create_chroot_rssh" and

chmod +x create_chroot_rssh


# Here specify the apps you want in the environment
APPS="/usr/bin/scp /usr/libexec/openssh/sftp-server /usr/libexec/rssh_chroot_helper"

# Sanity check
if [ "$1" = "" ] ; then
        echo "Usage: ./create_chroot_rssh chroot_jail_path"
        echo "For eg: ./create_chroot_rssh /home/chroot"
        exit 1
fi

# Obtain username and HomeDir

# Create Directories no one will do it for you
mkdir ./home
mkdir ./etc
mkdir ./usr
mkdir ./usr/bin
mkdir -p ./usr/libexec/openssh
mkdir dev
mknod ./dev/null c 1 3
mknod ./dev/zero c 1 5
chmod 666 ./dev/*

# Copy the apps and the related libs
for prog in $APPS;  do
        cp $prog ./$prog

        # obtain a list of related libraries
        ldd $prog > /dev/null
        if [ "$?" = 0 ] ; then
                LIBS=`ldd $prog | awk '{ print $3 }'`
                for l in $LIBS; do
                        # -p so nested library directories are created too
                        mkdir -p ./`dirname $l` > /dev/null 2>&1
                        cp $l ./$l
                done
        fi
done

# This library has a symbolic link
cp /lib/ ./lib
ln -s ./lib/

# For some strange reason these 3 libraries are not in the ldd output, but without them
# some stuff will not work, like usr/bin/groups
cp /lib/ /lib/ /lib/ ./lib/
cp /etc/* ./etc/

Last edited by ~=gr3p=~; 10-01-2006 at 01:00 PM.
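
Added example, not part of the original post: a read-only audit of a jail built as described above, covering the device-node permissions, the /dev/log socket and the passwd/group copies. The function names check_dev_node and audit_jail are hypothetical, GNU coreutils stat is assumed, and the shadow/gshadow check goes beyond the post: "cp /etc/* ./etc/" run as root also copies the password hash files, which sftp-server inside the jail does not need because sshd authenticates the user before rssh runs.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU coreutils stat (-c).

# Succeeds only if $1 is a character device with major $2, minor $3, mode 666.
check_dev_node() {
    [ -c "$1" ] || { echo "FAIL: $1 is not a character device"; return 1; }
    # %t/%T print major/minor in hex; 1, 3 and 5 read the same in hex and decimal.
    if [ "$(stat -c '%t:%T' "$1")" != "$2:$3" ]; then
        echo "FAIL: $1 is not device $2,$3"; return 1
    fi
    if [ "$(stat -c '%a' "$1")" != "666" ]; then
        echo "FAIL: $1 mode is $(stat -c '%a' "$1"), expected 666"; return 1
    fi
    echo "ok:   $1"
}

# Audits the jail at $1; returns 0 only when every check passes.
audit_jail() {
    jail=$1; rc=0
    [ -d "$jail" ] || { echo "FAIL: $jail is not a directory"; return 1; }
    # The failure from the post: wrong modes here drop the session after login.
    check_dev_node "$jail/dev/null" 1 3 || rc=1
    check_dev_node "$jail/dev/zero" 1 5 || rc=1
    # syslogd -a <jail>/dev/log creates this socket so rssh can log after chroot.
    [ -S "$jail/dev/log" ] || { echo "FAIL: $jail/dev/log socket missing"; rc=1; }
    # The jail needs its own passwd and group entries for the sftp users.
    for f in passwd group; do
        [ -s "$jail/etc/$f" ] || { echo "FAIL: $jail/etc/$f missing or empty"; rc=1; }
    done
    # Added check: password hash files must not be readable inside the jail.
    for f in shadow gshadow; do
        [ ! -e "$jail/etc/$f" ] || { echo "FAIL: $jail/etc/$f must not be in the jail"; rc=1; }
    done
    return $rc
}

# Stand-alone use: ./audit_jail.sh /home/chroot
if [ "$#" -gt 0 ]; then audit_jail "$1"; fi
```

Run it after create_chroot_rssh and after restarting syslog, since the /dev/log socket only appears once syslogd is started with the -a option.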

