Hi
I'm trying to jail users on Solaris 10. rssh is 2.3.3. rssh and openssh were
compiled. It's built dynamic with PermitEnvironmentVariable no and specified
openssh sftp-server and scp. It's only sftp that is required and all users in
one jail. I referred to the CHROOT doc in the build then
http://www.sun.com/bigadmin/content/submitted/chroot_jail_rssh.jsp. I also
tried the Solaris 9 script posted to the list. scp works but I need sftp too.
User added with home dir of jail and shell of rssh.
rssh.conf amended with -
uncomment allowsftp allowscp
set chrootpath to jail.
user=testuser:011:00010:/jail
So copied all dependencies for bash (I got an error about bash at one point),
sftp-server, rssh, rssh_chroot_helper.
Also copied /etc/group, passwd and shadow, rssh_chroot_helper, sftp,
sftp-server to jail locations same as live.
Not sure what I need for dynamic linker but copied /usr/lib/ld.so and ld.so.1
and /lib/ld.so.1
Copied ldd, rssh, ksh, pwd over.
mknod on /jail/dev/null with character settings as per live.
As my built ssh is in /usr/local/bin as opposed to /usr/bin I've copied to both
locations in the jail sftp etc.
Not sure what sftp-server to refer to in sshd_conf - tried referring to the
jail one also but no change.
But it doesn't work.
Client shows "Fatal: unable to initalise SFTP".
and /var/adm/messages
Sep 22 14:17:11 gon1ux05 sshd[2938]: [ID 800047 auth.info] Accepted password for testuser from 172.27.136.8 port 33245 ssh2
Sep 22 14:17:11 gon1ux05 sshd[2940]: [ID 800047 auth.info] subsystem request for sftp by user testuser
Sep 22 14:17:11 gon1ux05 rssh[2941]: [ID 702911 user.info] allowing sftp to all users
Sep 22 14:17:11 gon1ux05 rssh[2941]: [ID 702911 user.info] setting umask to 022
Sep 22 14:17:11 gon1ux05 rssh[2941]: [ID 702911 user.info] chrooting all users to /cedar/efin/v40
Sep 22 14:17:11 gon1ux05 rssh[2941]: [ID 702911 user.info] line 41: configuring user testuser
Sep 22 14:17:11 gon1ux05 rssh[2941]: [ID 702911 user.info] setting testuser's umask to 011
Sep 22 14:17:11 gon1ux05 rssh[2941]: [ID 702911 user.info] allowing sftp to user testuser
Sep 22 14:17:11 gon1ux05 rssh[2941]: [ID 702911 user.info] chrooting testuser to /cedar/efin/v40
Sep 22 14:17:11 gon1ux05 rssh[2941]: [ID 702911 user.info] chroot cmd line: /usr/local/libexec/rssh_chroot_helper 2 "/usr/local/libexec/sftp-server"
ssh -v
OpenSSH_5.6p1, OpenSSL 1.0.0a 1 Jun 2010
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to server port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6
debug1: match: OpenSSH_5.6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
My two thoughts are something around where it's built openssh to or needing
extra special files I've seen referred to in other docs like service_door but
I've been unable to find anything on the net or list that shows anyone who has
got sftp on Solaris 10 working through rssh and what the secret is.
Elaine
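
Added example, not part of the original post or of rssh: a shell check that lists which files a dynamically linked helper needs but the jail lacks, plus the /dev/null device test. It assumes ldd prints "name => /path" lines and only checks what ldd reports; the function names and the sample ldd text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list files missing from a chroot jail.

# Constructed sample of ldd-style output, for trying the parser offline.
SAMPLE_LDD='    libsocket.so.1 =>  /lib/libsocket.so.1
    libc.so.1 =>  /lib/libc.so.1
    libfoo.so.1 =>  (file not found)
    /lib/ld.so.1'

# Read ldd output on stdin, print the absolute paths it resolved to.
# "(file not found)" entries carry no path and are skipped.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | sort -u
}

# Read paths on stdin, print those absent under the jail root $1.
# Exit status is 1 if anything is missing, 0 otherwise.
jail_missing() {
    jail=$1 rc=0
    while IFS= read -r p; do
        [ -e "$jail$p" ] || { printf '%s\n' "$p"; rc=1; }
    done
    return $rc
}

# audit_jail JAIL BINARY...
# Each binary, and each library ldd reports for it, must exist in the jail at
# the same path as on the live system; JAIL/dev/null must be a character device.
audit_jail() {
    jail=$1 bad=0; shift
    for bin in "$@"; do
        { printf '%s\n' "$bin"; ldd "$bin" 2>/dev/null | ldd_paths; } |
            jail_missing "$jail" || bad=1
    done
    [ -c "$jail/dev/null" ] || { echo "$jail/dev/null is not a character device"; bad=1; }
    return $bad
}

# Example call, using the paths that appear in the log above:
# audit_jail /cedar/efin/v40 /usr/local/libexec/rssh_chroot_helper /usr/local/libexec/sftp-server
```

Run it as root on the live system so ldd can read the binaries; every path it prints is one to copy into the jail at the same location.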
_______________________________________________
rssh-discuss mailing list
rssh-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rssh-discuss