Chroot jail for sftp, Solaris 10, OpenSSH_5.1p1
The system is Solaris 10 with OpenSSH_5.1p1
I tried a few different ways to chroot a user, but the user can still browse around.

The user created: guests:guests

The entry in passwd:

    guests:x:128:102:GuestFTP:/dir/./guests/:/usr/lib/ssh/sftp-server

Done:

    ftpconfig -d /dir/guests

Created /etc/shells and /bin/true added.

/etc/ftpd/ftpaccess modified to include:

    guestuser guests
    upload /dir/guests/pub * no
    upload /dir/guests/pub /pub yes guests guests 0666 nodirs
    upload /dir/guests/pub /pub yes guests guests 0666 nodirs

In this way the user guests can still browse the directories and is not jailed to his dir. When I replaced the shell with /bin/true, the sftp closes straight after authentication with exit status 0. I also tried /usr/bin/true (was added to /etc/shells), but exit status 0 again.

The other way I tried: added to the /etc/ssh/sshd_config

    Subsystem sftp /usr/lib/ssh/sftp-server
    Match Group guests
    ChrootDirectory /dir/guests
    ForceCommand /usr/lib/ssh/sftp-server
    AllowTcpForwarding no

Then restarted the ssh, but ssh went into maintenance and reported Bad configuration option Match, the same for ChrootDirectory and ForceCommand. I thought Match was valid for OpenSSH_5.

I have run out of options. I would really appreciate any help and comments. Thanks a lot.
Hey Saskak,
That's a big issue with Sol 10 (at least, it seems as though it all used to be so much easier ;) ). Rather than going the full-chroot avenue (where you have to copy all the relevant binaries and libraries into the chrooted environment, so your user can do "ls", etc.), check out this page. I've found it to be very helpful: http://www.minstrel.org.uk/papers/sftp/

Best of luck to you!

Mike
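For the sshd_config attempt in the question: an OpenSSH sshd that accepts ChrootDirectory still refuses the session unless every component of that path is a directory owned by root and not writable by group or others. The pre-flight check below is an added example, not part of the original thread; the function names are hypothetical, and the optional second argument (expected owner uid, default 0) is an assumption added so the check can be exercised without root.

```shell
#!/bin/sh
# Added example: pre-flight check for a ChrootDirectory path.
# Usage: check_chroot_path /dir/guests

# check_component DIR [OWNER_UID]
# Returns 0 if DIR is a directory owned by OWNER_UID (default 0, root)
# and not writable by group or others; otherwise prints why and returns 1.
check_component() {
    c_dir=$1
    c_want=${2:-0}
    if [ ! -d "$c_dir" ]; then
        echo "FAIL $c_dir: missing or not a directory" >&2
        return 1
    fi
    # -n prints the numeric uid (field 3); -L follows symlinks like stat(2).
    set -- $(ls -ldnL "$c_dir")
    c_mode=$1
    c_uid=$3
    c_rc=0
    if [ "$c_uid" != "$c_want" ]; then
        echo "FAIL $c_dir: owner uid $c_uid, expected $c_want" >&2
        c_rc=1
    fi
    # Character 6 of the mode string is group-write, character 9 other-write.
    case $c_mode in
        ?????w*|????????w*)
            echo "FAIL $c_dir: writable by group or others ($c_mode)" >&2
            c_rc=1 ;;
    esac
    return $c_rc
}

# check_chroot_path DIR [OWNER_UID]
# Applies check_component to DIR and to every parent directory up to /.
check_chroot_path() {
    p=$1
    p_want=${2:-0}
    p_rc=0
    case $p in
        /*) ;;
        *) echo "FAIL $p: ChrootDirectory must be an absolute path" >&2
           return 1 ;;
    esac
    while :; do
        check_component "$p" "$p_want" || p_rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $p_rc
}
```

A writable area for uploads, such as the pub directory from the question, has to be a subdirectory below the chroot root, since the root itself cannot be writable by the jailed user.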