I've been using a modified version of the mkchroot.sh script to setup a jail purely to run sftp with rssh, under Debian Testing. It stopped working after an update to openssh-server 1:4.3p2-2 - I would just get 'connection closed' whenever I tried to connect.
Copying /dev/null into the jail seems to have fixed it - this is my jail content now: [drwx---rwx] ./dev [srw-rw-rw-] ./dev/log [-rw-rw-rw-] ./dev/null [d------r-x] ./lib [-------r-x] ./lib/ld-linux.so.2 [-------r-x] ./lib/libc.so.6 [-------r-x] ./lib/libcom_err.so.2 [-------r-x] ./lib/libcrypt.so.1 [-------r-x] ./lib/libdl.so.2 [-------r-x] ./lib/libnsl.so.1 [-------r-x] ./lib/libresolv.so.2 [-------r-x] ./lib/libselinux.so.1 [-------r-x] ./lib/libsepol.so.1 [-------r-x] ./lib/libutil.so.1 [dr-x---r-x] ./rumba [dr-x------] ./rumba/.ssh [-r--------] ./rumba/.ssh/authorized_keys [drwxrwxrwx] ./rumba/shared [d------r-x] ./usr [d------r-x] ./usr/lib [d------r-x] ./usr/lib/i686 [d------r-x] ./usr/lib/i686/cmov [-------r-x] ./usr/lib/i686/cmov/libcrypto.so.0.9.8 [-------r-x] ./usr/lib/libgssapi_krb5.so.2 [-------r-x] ./usr/lib/libk5crypto.so.3 [-------r-x] ./usr/lib/libkrb5.so.3 [-------r-x] ./usr/lib/libkrb5support.so.0 [-------r-x] ./usr/lib/libz.so.1 [d------r-x] ./usr/lib/openssh [-------r-x] ./usr/lib/openssh/sftp-server [lrwxrwxrwx] ./usr/lib/sftp-server -> openssh/sftp-server I'm still tweaking the jail contents/ownerships/permissions, but it seems to be working pretty well so far :-) Karl Mowatt-Wilson. Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ rssh-discuss mailing list rssh-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rssh-discuss
