[SGVLUG] chroot on sftp

James Neff jneff at tethyshealth.com
Thu Nov 16 11:00:11 PST 2006


I'm trying to get chroot set up on our sftp server (using 
openssh-4.5p1-chroot).  This came already patched for me.

Here is the output from my ftp client:

Trace:    FzSFtp.exe: Ssh.c(7064): Sent password
Trace:    FzSFtp.exe: Ssh.c(6483): Access granted
Trace:    FzSFtp.exe: Ssh.c(7161): Opened channel for session
Trace:    FzSFtp.exe: Ssh.c(7416): Started a shell/command
Trace:    FzSFtp.exe: Ssh.c(788): Server sent command exit status 1
Trace:    FzSFtp.exe: Ssh.c(5909): All channels closed. Disconnecting
Trace:    FzSFtp.exe: Ssh.c(2535): Server closed network connection
Response:    Fatal: unable to initialise SFTP: could not connect
Trace:    SftpControlSocket.cpp(2393): DoClose(0)   caller=0x003ddc9c
Trace:    SftpControlSocket.cpp(2423): ResetOperation(4100)   
caller=0x003ddc9c
Error:    Unable to connect!


I obviously don't have something set up right.  My guess is I don't have 
the right files in the jail directory.

The howto I am using is here:

http://www-unix.oit.umass.edu/~coreya/OpenBSD/chroot_ssh/#installing

Can I ask a stupid question?  If I want to set up chroot for several 
users, do I have to copy all of those system folders and files, that the 
HOWTO told me I need, into each users directory?

I want my users to use sFTP to be chrooted into their respective home 
folders.  Is this the correct syntax in the passwd folder:

joe:x:500:500:Joe:/home/joe/./:/bin/bash

If I take out the "./" regular sFTP works, its just not chrooted.

The HOWTO I was following was several years old.  Are there better 
instructions somewhere on how to do this?  Also the HOWTO was for a 
different distro and I made my best guess as to where the files were on 
my distribution.  I kinda feel like I'm trying to hit a target with an 
arrow in the pitch dark. 

Thanks for any and all help,
James



More information about the SGVLUG mailing list