  1. #1

    SFTP server chrooted

    I am setting up an sftp server but want each user account chrooted to its own jail. I have followed but am having problems getting it to work. I connect using sftp but the connection is immediately closed.

    I have got allowsftp in my rssh.conf and I've also got /dev/null and /dev/log inside the jail, as well as library dependencies. I actually compiled a static openssh and static rssh to minimize the need for libraries inside the jails, so really I only have the following in my jail:
    srw-rw-rw- 1 root root      0 Mar 26 18:49 dev/log
    crw-rw-rw- 1 root root   1, 3 Mar 27 14:43 dev/null
    -rw-r--r-- 1 root root     13 Mar 27 17:48 etc/group
    -rw-r--r-- 1 root root     44 Mar 27 16:49 etc/passwd
    -rw-r--r-- 1 root root     59 Mar 27 17:48 etc/shadow
    -rwxr-xr-x 1 root root 109696 Mar 27 14:40 lib/
    -rwxr-xr-x 1 root root  22456 Mar 27 14:40 lib/
    -rwxr-xr-x 1 root root  30836 Mar 27 14:41 lib/
    -rwxr-xr-x 1 root root 578776 Mar 27 17:03 usr/bin/sftp
    total 1108
    -rwx--x--x 1 root root 573240 Mar 27 14:38 rssh_chroot_helper
    -rwxr-xr-x 1 root root 549164 Mar 27 14:39 sftp-server
    I have also got the chroot patch on my openssh installation but am unsure how to use it. I have done the /home/user/./ trick in /etc/passwd which seems to chroot the user to their home dir but the connection is again immediately closed without giving the sftp prompt.

    Any ideas?

    Do you have a better way of doing a chrooted sftp server, perhaps without libraries inside the jail?
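
A layout check for a jail like the one listed in the post above, as an added example that is not part of the original thread: it splits a `/./`-style home field into jail root and in-jail home, then verifies the device nodes, account files and binaries the post mentions. The function names and the paths passed in are assumptions; the world-readable `etc/shadow` check reflects the `-rw-r--r--` mode shown in the listing.

```shell
#!/bin/sh
# Added example (not from the thread): audit a chroot jail laid out like the
# one in the post. Jail root and binary paths are supplied by the caller.

# Split a passwd home field that uses the "/./" chroot marker.
# Prints "<jail root>|<home inside jail>"; returns 1 if there is no marker.
split_chroot_home() {
    case "$1" in
        */./*) printf '%s|/%s\n' "${1%%/./*}" "${1#*/./}" ;;
        *)     return 1 ;;
    esac
}

# Record one problem and count it.
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# audit_jail <jail root> [binary path relative to jail ...]
# Prints one line per problem and returns the number of problems found.
audit_jail() {
    jail=$1; shift
    problems=0
    [ -d "$jail" ] || { fail "$jail is not a directory"; return "$problems"; }
    [ -c "$jail/dev/null" ] || fail "dev/null is not a character device"
    [ -S "$jail/dev/log" ]  || fail "dev/log is not a socket"
    for f in etc/passwd etc/group; do
        [ -r "$jail/$f" ] || fail "$f missing or unreadable"
    done
    # Password hashes inside the jail should not be readable by jailed users.
    if [ -e "$jail/etc/shadow" ] && [ -n "$(find "$jail/etc/shadow" -perm -004)" ]; then
        fail "etc/shadow is world-readable"
    fi
    # Remaining arguments: binaries that must be executable inside the jail.
    for bin in "$@"; do
        [ -x "$jail/$bin" ] || fail "$bin missing or not executable"
    done
    return "$problems"
}

# Usage: sh audit_jail.sh /path/to/jail usr/bin/sftp
if [ "$#" -gt 0 ]; then audit_jail "$@"; fi
```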

  2. #2
    anomie (Linux Guru, Join Date: Mar 2005)
    Do you have a better way of doing a chrooted sftp server, perhaps without libraries inside the jail?
    Coincidentally, I've just recently started a similar topic on one of the BSD forums to solicit ideas on good approaches to chrooted sftp.

    This is a common problem/question, and I haven't found a solution that I'm thrilled about yet. I will let you know if something revolutionary pans out of that discussion (assuming it's not FBSD-specific, that is).

    What I have done in the past is use scponly, which (I think) is pretty similar in concept to rssh. It's easy to install and configure. If you want to chroot the sftp sessions it is a bit more work, but it is all well documented. Using chrooted sftp w/ scponly means having another suid binary, though.

    Anyway, good luck. I'll tack on a reply if I learn something relevant.

  3. #3
    Thanks, I've switched to scponly as somebody said rssh was lame, and I have to say that scponly seems easier, but so far my setup is not working with the chroot and I've been going nuts trying to make this work...
