Re: Trying to run rssh on my Synology DS1512+ NAS

Sandeep Dudam संदीप दुडम Wed, 31 Oct 2012 22:40:45 -0700

Hi Rehan,

I worked very little on rssh and I had similar problems of not logging into
system; mine was RHEL5.5.
The workaround I used is that the folder which was jail rooted  (in your
case /volume1/backup) should have some of the system libraries to be copied
from the same system


For example: In my case - jail root folder is - "*/opt/xfer/public/*" it
has following structure -

*#root# ls - l **/opt/xfer/public/*
drwxrwxr-x  2 root  root       4096 Sep  7 16:03 bin
drwxrwxr-x  2 root  root       4096 Sep  7 16:03 dev
drwxrwxr-x  3 root  root       4096 Sep 18 17:12 etc
drwxrwxr-x  3 root  root       4096 Sep  7 16:03 home
drwxrwxr-x  2 root  root       4096 Sep  7 16:03 lib
drwxrwxr-x  5 root  root       4096 Sep  7 16:03 usr

*#root# ls -l **/opt/xfer/public/**
bin:
total 0

dev:
total 0
crw-rw-rw- 1 root root 1, 3 Sep  7 16:03 null

etc:
total 48
-rw-r--r-- 1 root root   914 Sep  7 16:03 group
-rw-r--r-- 1 root root    68 Sep  7 16:03 hosts
-rw-r--r-- 1 root root 25437 Sep  7 16:03 ld.so.cache
-rw-r--r-- 1 root root    28 Sep  7 16:03 ld.so.conf
drwxr-xr-x 2 root root  4096 Aug 14 22:09 ld.so.conf.d
-rw-r--r-- 1 root root  2619 Sep 18 17:12 passwd

home:
total 4
drwxrwxr-x 2 root other 4096 Sep  7 16:03 ftpusers

lib:
total 4060
-rwxr-xr-x 1 root root  129504 Sep  7 16:03 ld-linux.so.2
-rwxr-xr-x 1 root root 1710828 Sep  7 16:03 libc.so.6
-rwxr-xr-x 1 root root    6300 Sep  7 16:03 libcom_err.so.2
-rwxr-xr-x 1 root root   47712 Sep  7 16:03 libcrypt.so.1
-rwxr-xr-x 1 root root 1316736 Sep  7 16:03 libcrypto.so.6
-rwxr-xr-x 1 root root   18812 Sep  7 16:03 libdl.so.2
-rwxr-xr-x 1 root root    6596 Sep  7 16:03 libkeyutils.so.1
-rwxr-xr-x 1 root root  107924 Sep  7 16:03 libnsl.so.1
-rwxr-xr-x 1 root root   36416 Sep  7 16:03 libnss_compat-2.5.so
-rwxr-xr-x 1 root root   36416 Sep  7 16:03 libnss_compat.so.2
-rwxr-xr-x 1 root root   50848 Sep  7 16:03 libnss_files-2.5.so
-rwxr-xr-x 1 root root   50848 Sep  7 16:03 libnss_files.so.2
-rwxr-xr-x 1 root root  131540 Sep  7 16:03 libpthread.so.0
-rwxr-xr-x 1 root root   83088 Sep  7 16:03 libresolv.so.2
-rwxr-xr-x 1 root root   91892 Sep  7 16:03 libselinux.so.1
-rwxr-xr-x 1 root root  243928 Sep  7 16:03 libsepol.so.1
-rwxr-xr-x 1 root root   13492 Sep  7 16:03 libutil.so.1

usr:
total 12
drwxrwxr-x 2 root root 4096 Sep  7 16:03 bin
drwxrwxr-x 2 root root 4096 Sep  7 16:03 lib
drwxrwxr-x 3 root root 4096 Sep  7 16:03 libexec


*#root# ls -l /opt/xfer/public/usr/**
bin:
total 108
-rwxr-xr-x 1 root root 18988 Sep  7 16:03 rssh
-rwxr-xr-x 1 root root 84620 Sep  7 16:03 sftp

lib:
total 2624
-rwxr-xr-x 1 root root  184812 Sep  7 16:03 libgssapi_krb5.so.2
-rwxr-xr-x 1 root root  155640 Sep  7 16:03 libk5crypto.so.3
-rwxr-xr-x 1 root root  611948 Sep  7 16:03 libkrb5.so.3
-rwxr-xr-x 1 root root   32312 Sep  7 16:03 libkrb5support.so.0
-rwxr-xr-x 1 root root  230640 Sep  7 16:03 libnspr4.so
-rwxr-xr-x 1 root root 1203700 Sep  7 16:03 libnss3.so
-rwxr-xr-x 1 root root  119748 Sep  7 16:03 libnssutil3.so
-rwxr-xr-x 1 root root   14008 Sep  7 16:03 libplc4.so
-rwxr-xr-x 1 root root    9976 Sep  7 16:03 libplds4.so
-rwxr-xr-x 1 root root   73836 Sep  7 16:03 libz.so.1

libexec:
total 52
drwxrwxr-x 2 root root  4096 Sep  7 16:03 openssh
-rwsr-xr-x 1 root root 47783 Sep  7 16:03 rssh_chroot_helper


*#root# ls -l /opt/xfer/public/usr/libexec/openssh/**
-rwxr-xr-x 1 root root 50432 Sep  7 16:03 libexec/openssh/sftp-server


Additional changes are  -

1. Add ftp user entry to the jail root folder's passwd file i.e. in my case
*ftpuser* is added to file */opt/xfer/public/etc/passwd*

*$ getent passwd ftpuser*
ftpuser:x:2010:502:ftpuser user:/opt/xfer/public:/usr/bin/rssh

*$ id ftpuser*
uid=2010(ftpuser) gid=502(other) groups=502(other)

2. Also modify the home directory of ftpuser to "*/volume1/backup*"

3.  Add "*chrootpath = /volume1/backup*" to rssh.conf file, if not already
added.


I hope this may resolve your problem.
-- 
-----------
Thanks and Regards,
Sandeep Chandrakant Dudam ( संदीप चंद्रकांत दुडम )
Google Talk ID: sandeep.dudam
Linked-In Profile: http://in.linkedin.com/pub/sandeep-dudam/20/652/812
Facebook: http://www.facebook.com/people/Sandeep-Dudam/100001905343252


On Fri, Oct 26, 2012 at 4:54 AM, Rehan S. Alvi <rehansa...@gmail.com> wrote:

> Hello everyone,
>
> I'm new to this list so please forgive me if I make any errors. I am
> trying to setup rssh to work on my Synology DS1512+ NAS running BusyBox
> v1.16.1. My objective is to allow a user that I created (ftpuser) to be
> able to login and only have access to sftp and scp.
>
> I have my Synology bootstrapped and am using ipkg to install rssh (ipkg
> install rssh). This also installs openSSH, openssl, openssh-sftp-server and
> zlib. I then edit my user (ftpuser) setting in /etc/passwd and change the
> ftpuser's line to the following: ftpuser:x:1042:100:FTP
> User:/var/services/homes/ftpuser:/opt/bin/rssh
>
> I then edited my /etc/ssh/sshd_config and comment out the existing line
> of: Subsystem       sftp    internal-sftp -f DAEMON -u 000
> and add: Subsystem      sftp    /opt/libexec/sftp-server
>
> I also edit /opt/etc/rssh.conf and uncomment allowscp and allowsftp.
> I then edit /etc/shells and add /opt/bin/rssh to the file and save it.
>
> I then restart my NAS box and try to login via FileZilla. I want ftpuser
> to only have access to /volume1/backup. I login with filezilla but instead
> of going to /volume1/backup it takes me to '/' instead. So I edit
> /opt/etc/rssh.conf and add the following
> line: user=ftpuser:011:00011:/volume1/backup
>
> Now I am unable to login at all. I have two questions:
>
> 1) How can I make it so that ftpuser can only access /volume1/backup?
> 2) Is there a way that I can use the existing SSH that is already a part
> of the NAS' built-in software instead of using OpenSSH? The reason I ask is
> because when I seem to use the OpenSSH package that is installed with rssh,
> I no longer have the ability to toggle the SSH via the web GUI, and I am
> wondering if there isn't a way to have rssh work with the existing package.
>
> Thank you for taking the time to read this. I am grateful for any help
> that you may be able to provide.
>
>
> --
> Rehan S. Alvi
>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_sfd2d_oct
> _______________________________________________
> rssh-discuss mailing list
> rssh-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rssh-discuss
>
>

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct

_______________________________________________
rssh-discuss mailing list
rssh-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rssh-discuss

Re: Trying to run rssh on my Synology DS1512+ NAS

Reply via email to