[SGVLUG] chroot on sftp - UPDATE

James Neff jneff at tethyshealth.com
Fri Nov 17 07:01:50 PST 2006


After following new directions from this site:

http://www.netadmintools.com/art294.html

I was able to get an SSH session chroot'ed but my sFTP is still not 
working yet.

The debugging output from my client looks like this:

Trace:    FzSFtp.exe: Ssh.c(6483): Access granted
Trace:    FzSFtp.exe: Ssh.c(7161): Opened channel for session
Trace:    FzSFtp.exe: Ssh.c(7416): Started a shell/command
Trace:    FzSFtp.exe: Ssh.c(788): Server sent command exit status 127
Trace:    FzSFtp.exe: Ssh.c(5909): All channels closed. Disconnecting
Trace:    FzSFtp.exe: Ssh.c(2535): Server closed network connection
Response:    Fatal: unable to initialise SFTP: could not connect
Trace:    SftpControlSocket.cpp(2393): DoClose(0)   caller=0x003de05c
Trace:    SftpControlSocket.cpp(2423): ResetOperation(4100)   
caller=0x003de05c
Error:    Unable to connect!



I think I'm making progress because at least the ssh part works.

Can anyone point me in the right direction to get sFTP to cooperate?

Thanks,
Jim




James Neff wrote:
> I'm trying to get chroot set up on our sftp server (using 
> openssh-4.5p1-chroot).  This came already patched for me.
>
> Here is the output from my ftp client:
>
> Trace:    FzSFtp.exe: Ssh.c(7064): Sent password
> Trace:    FzSFtp.exe: Ssh.c(6483): Access granted
> Trace:    FzSFtp.exe: Ssh.c(7161): Opened channel for session
> Trace:    FzSFtp.exe: Ssh.c(7416): Started a shell/command
> Trace:    FzSFtp.exe: Ssh.c(788): Server sent command exit status 1
> Trace:    FzSFtp.exe: Ssh.c(5909): All channels closed. Disconnecting
> Trace:    FzSFtp.exe: Ssh.c(2535): Server closed network connection
> Response:    Fatal: unable to initialise SFTP: could not connect
> Trace:    SftpControlSocket.cpp(2393): DoClose(0)   caller=0x003ddc9c
> Trace:    SftpControlSocket.cpp(2423): ResetOperation(4100)   
> caller=0x003ddc9c
> Error:    Unable to connect!
>
>
> I obviously don't have something set up right.  My guess is I don't 
> have the right files in the jail directory.
>
> The howto I am using is here:
>
> http://www-unix.oit.umass.edu/~coreya/OpenBSD/chroot_ssh/#installing
>
> Can I ask a stupid question?  If I want to set up chroot for several 
> users, do I have to copy all of those system folders and files, that 
> the HOWTO told me I need, into each users directory?
>
> I want my users to use sFTP to be chrooted into their respective home 
> folders.  Is this the correct syntax in the passwd folder:
>
> joe:x:500:500:Joe:/home/joe/./:/bin/bash
>
> If I take out the "./" regular sFTP works, its just not chrooted.
>
> The HOWTO I was following was several years old.  Are there better 
> instructions somewhere on how to do this?  Also the HOWTO was for a 
> different distro and I made my best guess as to where the files were 
> on my distribution.  I kinda feel like I'm trying to hit a target with 
> an arrow in the pitch dark.
> Thanks for any and all help,
> James
>


More information about the SGVLUG mailing list