[SGVLUG] chroot on sftp - UPDATE
groupskhasely at mac.com
groupskhasely at mac.com
Fri Nov 17 12:08:28 PST 2006
Several years ago I built an Secure FTP server, and created a webmin
module to help manage it. I wish the documentation, and module was
still around. There is a shell (it's basically a shell script called
scponly) that limits the users access to sftp commands only. Their
documentation describes the process of creating a Secure FTP server,
"http://sublimation.org/scponly/wiki/index.php/Install". I hope this
helps.
On Nov 17, 2006, at 7:01 AM, James Neff wrote:
> After following new directions from this site:
>
> http://www.netadmintools.com/art294.html
>
> I was able to get an SSH session chroot'ed but my sFTP is still not
> working yet.
>
> The debugging output from my client looks like this:
>
> Trace: FzSFtp.exe: Ssh.c(6483): Access granted
> Trace: FzSFtp.exe: Ssh.c(7161): Opened channel for session
> Trace: FzSFtp.exe: Ssh.c(7416): Started a shell/command
> Trace: FzSFtp.exe: Ssh.c(788): Server sent command exit status 127
> Trace: FzSFtp.exe: Ssh.c(5909): All channels closed. Disconnecting
> Trace: FzSFtp.exe: Ssh.c(2535): Server closed network connection
> Response: Fatal: unable to initialise SFTP: could not connect
> Trace: SftpControlSocket.cpp(2393): DoClose(0) caller=0x003de05c
> Trace: SftpControlSocket.cpp(2423): ResetOperation(4100)
> caller=0x003de05c
> Error: Unable to connect!
>
>
>
> I think I'm making progress because at least the ssh part works.
>
> Can anyone point me in the right direction to get sFTP to cooperate?
>
> Thanks,
> Jim
>
>
>
>
> James Neff wrote:
>> I'm trying to get chroot set up on our sftp server (using
>> openssh-4.5p1-chroot). This came already patched for me.
>>
>> Here is the output from my ftp client:
>>
>> Trace: FzSFtp.exe: Ssh.c(7064): Sent password
>> Trace: FzSFtp.exe: Ssh.c(6483): Access granted
>> Trace: FzSFtp.exe: Ssh.c(7161): Opened channel for session
>> Trace: FzSFtp.exe: Ssh.c(7416): Started a shell/command
>> Trace: FzSFtp.exe: Ssh.c(788): Server sent command exit status 1
>> Trace: FzSFtp.exe: Ssh.c(5909): All channels closed. Disconnecting
>> Trace: FzSFtp.exe: Ssh.c(2535): Server closed network connection
>> Response: Fatal: unable to initialise SFTP: could not connect
>> Trace: SftpControlSocket.cpp(2393): DoClose(0) caller=0x003ddc9c
>> Trace: SftpControlSocket.cpp(2423): ResetOperation(4100)
>> caller=0x003ddc9c
>> Error: Unable to connect!
>>
>>
>> I obviously don't have something set up right. My guess is I
>> don't have the right files in the jail directory.
>>
>> The howto I am using is here:
>>
>> http://www-unix.oit.umass.edu/~coreya/OpenBSD/chroot_ssh/#installing
>>
>> Can I ask a stupid question? If I want to set up chroot for
>> several users, do I have to copy all of those system folders and
>> files, that the HOWTO told me I need, into each users directory?
>>
>> I want my users to use sFTP to be chrooted into their respective
>> home folders. Is this the correct syntax in the passwd folder:
>>
>> joe:x:500:500:Joe:/home/joe/./:/bin/bash
>>
>> If I take out the "./" regular sFTP works, its just not chrooted.
>>
>> The HOWTO I was following was several years old. Are there better
>> instructions somewhere on how to do this? Also the HOWTO was for
>> a different distro and I made my best guess as to where the files
>> were on my distribution. I kinda feel like I'm trying to hit a
>> target with an arrow in the pitch dark.
>> Thanks for any and all help,
>> James
>>
More information about the SGVLUG
mailing list