dev/null yes... dev/zero -- no I did not have that one...
So now I have:
srw-rw-rw- 1 root root 0 Apr 7 13:27 log
crw-r--r-- 1 root root 1, 3 Apr 7 13:57 null
crw-r--r-- 1 root root 1, 5 Apr 7 17:12 zero
I tried shortening the path in the jail copy of passwd to have the home dir set to /ahosp...
But, still same results - same output in messages log and same Connection closed.

On 4/7/2011 6:09 PM, Eric Gottesman wrote:
> Did you remember to create /dev/null and /dev/zero?
>
> Also, make sure you change the user's home directory in /etc/passwd to the
> appropriate in-jail path.
>
>
> On 4/7/11 3:06 PM, "Larry Irwin"<mkit...@gmail.com> wrote:
>
> /etc/passwd in the jail is a copy of /etc/passwd - for now...
> I was going to remove everything but root and the user after I got it
> working...
> Like you do for some versions of jails for ftp servers.
> The thing that is troubling me is that I can chroot from the command
> prompt and run "ls" and "sftp-server" without issue.
> (I set up ls as well so I could browse around after chroot'ing)
> And I've successfully set up dev/log, but there aren't any errors being
> generated.
> If I had a clue how to debug rssh_chroot_helper, I'd be able to dig a
> bit further...
> It looks like it runs like this:
> /usr/local/libexec/rssh_chroot_helper 2 "/usr/libexec/openssh/sftp-server"
> I just don't have any output - like the exit status - at all... So it
> looks like it thinks it exited with a 0.
>
> On 4/7/2011 5:13 PM, Eric Gottesman wrote:
>> You're almost certainly missing a file somewhere in your chroot jail, but
>> also, do you have the user set up correctly in the jail's /etc/passwd and
>> whatnot?
>>
>>
>> On 4/7/11 1:17 PM, "lrirwin"<lrir...@alum.wustl.edu> wrote:
>>
>> Hi,
>>
>> The server I am trying to get this working on is RHEL5
>> 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64
>> GNU/Linux
>> OpenSSH Version is: OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>> ssh and sftp work fine for admin uses, but I need to set up an sftp
>> folder for a third party drop-off for importing data.
>> I compiled and installed from "rssh-2.3.3.tar.gz" using simply
>> ./configure and make install signed in as root.
>> I added a user and built a chroot jail with a home folder for that user
>> below the jail.
>> The jail is: /u/www/pe5/clients/prexhop/hl7/rawimport
>> The user's passwd entry is:
>> hopftp:x:1901:50::/u/www/pe5/clients/prexhop/hl7/rawimport/ahosp:/usr/local/bin/rssh
>> The rssh.conf file has a single line in it: user =
>> hopftp:000:00010:/u/www/pe5/clients/prexhop/hl7/rawimport
>> I set up dev/log and bin/ls additionally so I could catch messages
>> after chroot'ing and got through all the obvious trip-ups...
>> (like: "rssh_chroot_helper[8018]: execv() failed,
>> /usr/libexec/openssh/sftp-server: No such file or directory", which was
>> actually sftp-server needing the libs for determining the UID in the
>> jail...)
>> Then I was able to, from the command prompt, signed on as root:
>> ---
>> # cd /u/www/pe5/clients/prexhop/hl7/rawimport
>> # chroot .
>> # cd /ahosp
>> # /usr/libexec/openssh/sftp-server
>> ---
>> Which executes sftp-server without error at this point, but of course
>> since I can't interact with sftp-server via the keyboard properly, it
>> drops out after I hit enter.
>>
>> Then, from a remote site, I try to use the account for sftp and the
>> session looks like this (not the real IP, just an example):
>>
>> # sftp hopftp@2.2.2.2
>> Connecting to 2.2.2.2...
>> hopftp@2.2.2.2's password:
>> Connection closed
>>
>> (the password is not the issue, if I change the user's shell to bash, I
>> can login from a remote site using ssh without any problems)
>> The resulting entries in /var/log/messages are (again the IP isn't real):
>> Apr 7 14:43:05 pe sshd[1076]: Accepted password for hopftp from
>> 28.28.28.28 port 49933 ssh2
>> Apr 7 14:43:05 pe sshd[1076]: subsystem request for sftp
>> Apr 7 14:43:05 pe rssh[1389]: line 1: configuring user hopftp
>> Apr 7 14:43:05 pe rssh[1389]: setting hopftp's umask to 0
>> Apr 7 19:43:05 pe rssh_chroot_helper[1389]: new session for hopftp,
>> UID=1901
>> Apr 7 14:43:05 pe rssh[1389]: allowing sftp to user hopftp
>> Apr 7 19:43:05 pe rssh_chroot_helper[1389]: user's home dir is
>> /u/www/pe5/clients/prexhop/hl7/rawimport/ahosp
>> Apr 7 14:43:05 pe rssh[1389]: chrooting hopftp to
>> /u/www/pe5/clients/prexhop/hl7/rawimport
>> Apr 7 19:43:05 pe rssh_chroot_helper[1389]: chrooted to
>> /u/www/pe5/clients/prexhop/hl7/rawimport
>> Apr 7 14:43:05 pe rssh[1389]: chroot cmd line:
>> /usr/local/libexec/rssh_chroot_helper 2 "/usr/libexec/openssh/sftp-server"
>> Apr 7 19:43:05 pe rssh_chroot_helper[1389]: changing working directory
>> to /ahosp (inside jail)
>>
>> Based on a few items I saw about other UID issues that might be
>> causing trouble, I tried:
>> cd /lib; find . -print | cpio -pmud
>> /u/www/pe5/clients/prexhop/hl7/rawimport/lib
>> cd /lib64; find . -print | cpio -pmud
>> /u/www/pe5/clients/prexhop/hl7/rawimport/lib64
>> But that did not make any difference.
>>
>> It looks like everything should be working - no errors anywhere... but
>> it drops to "Connection closed"...
>> Any help would be greatly appreciated,
>> Larry Irwin
>> CCA Medical
_______________________________________________
rssh-discuss mailing list
rssh-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rssh-discuss
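
The jail checks raised in this thread (the dev/null and dev/zero nodes, the home directory in the jail's passwd, the libraries sftp-server needs), collected into one script as an added example that is not part of the original messages or of rssh. It assumes Linux with GNU stat and ldd; the function names and finding labels are made up for the example, and it additionally flags device nodes that are not read/write for everyone, the conventional mode for /dev/null and /dev/zero.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Audits a chroot jail for the items raised
# above. Assumes Linux with GNU stat and ldd; finding labels are made up here.

check_dev() {   # check_dev JAIL NAME MAJOR:MINOR (hex, as printed by stat)
  local node="$1/dev/$2"
  [ -e "$node" ] || { echo "MISSING dev/$2"; return; }
  [ -c "$node" ] || { echo "NOT-CHARDEV dev/$2"; return; }
  [ "$(stat -c '%t:%T' "$node")" = "$3" ] || echo "WRONG-DEVNUM dev/$2 (want $3)"
  case "$(stat -c '%a' "$node")" in
    *[67]) ;;                                  # "other" can read and write
    *) echo "NOT-WORLD-RW dev/$2" ;;
  esac
}

check_home() {  # check_home JAIL USER: home from the jail's passwd must exist in the jail
  local home
  home=$(awk -F: -v u="$2" '$1 == u { print $6 }' "$1/etc/passwd" 2>/dev/null || true)
  [ -n "$home" ] || { echo "NO-PASSWD-ENTRY $2"; return; }
  [ -d "$1$home" ] || echo "HOME-NOT-IN-JAIL $home"
}

check_libs() {  # check_libs JAIL BINARY (path as seen from inside the jail)
  local lib
  [ -x "$1$2" ] || { echo "MISSING $2"; return; }
  ldd "$1$2" 2>/dev/null | grep -o '/[^ ]*' | while read -r lib; do
    [ -e "$1$lib" ] || echo "MISSING-LIB $lib"
  done
}

audit_jail() {  # audit_jail JAIL USER BINARY: one finding per line, silent if clean
  check_dev "$1" null 1:3
  check_dev "$1" zero 1:5
  check_home "$1" "$2"
  check_libs "$1" "$3"
}

# Usage: ./audit_jail.sh /path/to/jail username /usr/libexec/openssh/sftp-server
if [ "$#" -eq 3 ]; then audit_jail "$@"; fi
```

ldd only lists libraries linked at build time; the libnss_* modules that glibc loads at run time for UID lookups do not appear in its output and have to be checked in the jail's lib directories by hand.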