Hi folks,

I am struggling with getting rssh to work with a chroot jail. It runs fine without it, but when I try and use the jail I get connection closed after the password when I sftp. I installed the SourceForge RPM on Fedora Core 5 and ran the mkchroot.sh. Below is log info and jail contents. I am probably missing something obvious, but I would appreciate a pointer in the right direction.

Thanks
Damian

log
Aug 24 16:52:22 sshtest rssh[29774]: line 51: configuring user damian
Aug 24 16:52:22 sshtest rssh[29774]: setting damian's umask to 011
Aug 24 16:52:22 sshtest rssh[29774]: allowing sftp to user damian
Aug 24 16:52:22 sshtest rssh[29774]: chrooting damian to /hroots/hroot1
Aug 24 16:52:22 sshtest rssh[29774]: chroot cmd line: /usr/libexec/rssh_chroot_helper 2 "/usr/libexec/openssh/sftp-server"

Contents of jail are below
I have bash in the jail so that I could test

 chroot /hroots/hroot1 /bin/bash

which seems to work ok


.:
total 52
drwxr-xr-x 2 root   root   4096 Aug 24 16:47 bin
drwxr-xr-x 2 root   root   4096 Aug 24 11:49 dev
drwxr-xr-x 2 root   root   4096 Aug 24 11:49 etc
drwxr-xr-x 3 damian damian 4096 Aug 24 12:16 home
-rw-r--r-- 1 root   root      0 Aug 25 11:43 jail.txt
drwxr-xr-x 2 root   root   4096 Aug 24 16:52 lib
drwxr-xr-x 5 root   root   4096 Aug 24 11:49 usr

./bin:
total 716
-rwxr-xr-x 1 root root 720888 Feb 11  2006 bash
lrwxrwxrwx 1 root root      4 Aug 24 16:47 sh -> bash

./dev:
total 0

./etc:
total 68
-rw-r--r-- 1 root root 39770 Aug 24 16:33 ld.so.cache
-rw-r--r-- 1 root root    28 Aug 24 16:33 ld.so.conf
-rw-r--r-- 1 root root  1696 Aug 24 11:49 nsswitch.conf
-rw-r--r-- 1 root root  1770 Aug 24 13:22 passwd

./home:
total 8
drwxr-xr-x 2 damian damian 4096 Aug 24 12:16 damian

./home/damian:
total 0

./lib:
total 3324
-rwxr-xr-x 1 root root  121396 Aug 24 15:21 ld-linux.so.2
-rwxr-xr-x 1 root root    7972 Aug 24 11:49 libcom_err.so.2
-rwxr-xr-x 1 root root 1248780 Aug 24 11:49 libcrypto.so.6
-rwxr-xr-x 1 root root   27628 Aug 24 11:49 libcrypt.so.1
-rwxr-xr-x 1 root root 1532536 Aug 24 11:49 libc.so.6
-rwxr-xr-x 1 root root   16352 Aug 24 11:49 libdl.so.2
-rwxr-xr-x 1 root root   96040 Aug 24 11:49 libnsl.so.1
-rwxr-xr-x 1 root root   46608 May 12 14:09 libnss_files-2.4.so
lrwxrwxrwx 1 root root      19 Aug 24 11:49 libnss_files.so.2 -> libnss_files-2.4.so
-rwxr-xr-x 1 root root   76320 Aug 24 11:49 libresolv.so.2
-rwxr-xr-x 1 root root   85064 Aug 24 12:03 libselinux.so.1
-rwxr-xr-x 1 root root   13496 Aug 24 16:52 libtermcap.so.2
-rwxr-xr-x 1 root root   13496 Aug 24 16:52 libtermcap.so.2.0.8
-rwxr-xr-x 1 root root   15088 Aug 24 11:49 libutil.so.1

./usr:
total 24
drwxr-xr-x 2 root root 4096 Aug 24 11:49 bin
drwxr-xr-x 2 root root 4096 Aug 24 11:49 lib
drwxr-xr-x 3 root root 4096 Aug 24 11:49 libexec

./usr/bin:
total 88
-rwxr-xr-x 1 root root 18988 Aug 24 15:04 rssh
-rwxr-xr-x 1 root root 54052 Aug 24 11:49 scp

./usr/lib:
total 848
-rwxr-xr-x 1 root root 100208 Aug 24 11:49 libgssapi_krb5.so.2
-rwxr-xr-x 1 root root 152868 Aug 24 11:49 libk5crypto.so.3
-rwxr-xr-x 1 root root 481440 Aug 24 11:49 libkrb5.so.3
-rwxr-xr-x 1 root root  11684 Aug 24 11:49 libkrb5support.so.0
-rwxr-xr-x 1 root root  75632 Aug 24 11:49 libz.so.1

./usr/libexec:
total 60
drwxr-xr-x 2 root root  4096 Aug 24 11:49 openssh
-rwsr-xr-x 1 root root 47783 Aug 24 11:49 rssh_chroot_helper

./usr/libexec/openssh:
total 52
-rwxr-xr-x 1 root root 47356 Aug 24 11:49 sftp-server

rssh.conf
# This is the default rssh config file

# set the log facility.  "LOG_USER" and "user" are equivalent.
logfacility = LOG_USER

# Leave these all commented out to make the default action for rssh to lock
# users out completely...

#allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync

# set the default umask
umask = 022

# If you want to chroot users, use this to set the directory where the root of
# the chroot jail will be located.
#
# if you DO NOT want to chroot users, LEAVE THIS COMMENTED OUT.
chrootpath = "/hroots/hroot1"

# You can quote anywhere, but quotes not required unless the path contains a
# space... as in this example.
#chrootpath = "/usr/local/my chroot"

##########################################
# EXAMPLES of configuring per-user options

#user=rudy:077:00010:  # the path can simply be left out to not chroot
#user=rudy:077:00010   # the ending colon is optional

#user=rudy:011:00100:  # cvs, with no chroot
#user=rudy:011:01000:  # rdist, with no chroot
#user=rudy:011:10000:  # rsync, with no chroot
#user="rudy:011:00001:/usr/local/chroot"  # whole user string can be quoted
#user=rudy:01"1:00001:/usr/local/chroot"  # or somewhere in the middle, freak!
#user=rudy:'011:00001:/usr/local/chroot'  # single quotes too

# if your chroot_path contains spaces, it must be quoted...
# In the following examples, the chroot_path is "/usr/local/my chroot"
#user=rudy:011:00001:"/usr/local/my chroot"  # scp with chroot
#user=rudy:011:00010:"/usr/local/my chroot"  # sftp with chroot
#user=rudy:011:00011:"/usr/local/my chroot"  # both with chroot

# Spaces before or after the '=' are fine, but spaces in chrootpath need
# quotes.
#user = "rudy:011:00001:/usr/local/my chroot" 
#user = "rudy:011:00001:/usr/local/my chroot"  # neither do comments at line end
user=damian:011:00010:/hroots/hroot1  # sftp with chroot

_______________________________________________
rssh-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rssh-discuss
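
Added example, not part of the original post and not rssh's own parser: a Python decoder for the `user=` lines in the posted rssh.conf, using the bit order given by that file's comments. For the `damian` line it yields the same umask, service and chroot path that the log reports; the names `UserPolicy` and `parse_user_line` are hypothetical, and the three-digit umask check is an assumption based on the examples in the file.

```python
import shlex
from dataclasses import dataclass
from typing import List, Optional

# Bit order, left to right, taken from the comments in the posted rssh.conf:
# 10000 rsync, 01000 rdist, 00100 cvs, 00010 sftp, 00001 scp.
SERVICES = ("rsync", "rdist", "cvs", "sftp", "scp")


@dataclass
class UserPolicy:
    name: str
    umask: int              # parsed as octal
    allowed: List[str]      # services whose bit is set
    chroot: Optional[str]   # None when the path field is left out


def parse_user_line(line: str) -> UserPolicy:
    """Decode one 'user=name:umask:bits[:path]' line (hypothetical helper)."""
    key, sep, rest = line.partition("=")
    if not sep or key.strip() != "user":
        raise ValueError("not a user= line")
    # shlex strips quotes wherever they appear in the value (whole string,
    # mid-string, single quotes) and drops a trailing '# comment'.
    tokens = shlex.split(rest, comments=True)
    if len(tokens) != 1:
        raise ValueError("expected one value; a path with spaces must be quoted")
    fields = tokens[0].split(":")
    if len(fields) < 3 or not fields[0]:
        raise ValueError("need name:umask:access-bits")
    name, umask, bits = fields[0], fields[1], fields[2]
    # Assumption of this sketch: three octal digits, as in every example line.
    if len(umask) != 3 or any(c not in "01234567" for c in umask):
        raise ValueError("umask must be three octal digits")
    if len(bits) != 5 or set(bits) - {"0", "1"}:
        raise ValueError("access bits must be five 0/1 digits")
    # The ending colon is optional, so an empty path field means no chroot.
    path = ":".join(fields[3:]) or None
    allowed = [svc for svc, bit in zip(SERVICES, bits) if bit == "1"]
    return UserPolicy(name, int(umask, 8), allowed, path)


if __name__ == "__main__":
    # The active line from the posted configuration.
    print(parse_user_line("user=damian:011:00010:/hroots/hroot1  # sftp with chroot"))
```
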