[SGVLUG] chroot on sftp - UPDATE

groupskhasely at mac.com groupskhasely at mac.com
Fri Nov 17 12:08:28 PST 2006


Several years ago I built a Secure FTP server, and created a webmin
module to help manage it.  I wish the documentation and module were
still around.  There is a shell (it's basically a shell script called
scponly) that limits the users' access to sftp commands only.  Their
documentation describes the process of creating a Secure FTP server,
"http://sublimation.org/scponly/wiki/index.php/Install".  I hope this
helps.


On Nov 17, 2006, at 7:01 AM, James Neff wrote:

> After following new directions from this site:
>
> http://www.netadmintools.com/art294.html
>
> I was able to get an SSH session chroot'ed but my sFTP is still not  
> working yet.
>
> The debugging output from my client looks like this:
>
> Trace:    FzSFtp.exe: Ssh.c(6483): Access granted
> Trace:    FzSFtp.exe: Ssh.c(7161): Opened channel for session
> Trace:    FzSFtp.exe: Ssh.c(7416): Started a shell/command
> Trace:    FzSFtp.exe: Ssh.c(788): Server sent command exit status 127
> Trace:    FzSFtp.exe: Ssh.c(5909): All channels closed. Disconnecting
> Trace:    FzSFtp.exe: Ssh.c(2535): Server closed network connection
> Response:    Fatal: unable to initialise SFTP: could not connect
> Trace:    SftpControlSocket.cpp(2393): DoClose(0)   caller=0x003de05c
> Trace:    SftpControlSocket.cpp(2423): ResetOperation(4100)    caller=0x003de05c
> Error:    Unable to connect!
>
>
>
> I think I'm making progress because at least the ssh part works.
>
> Can anyone point me in the right direction to get sFTP to cooperate?
>
> Thanks,
> Jim
>
>
>
>
> James Neff wrote:
>> I'm trying to get chroot set up on our sftp server (using  
>> openssh-4.5p1-chroot).  This came already patched for me.
>>
>> Here is the output from my ftp client:
>>
>> Trace:    FzSFtp.exe: Ssh.c(7064): Sent password
>> Trace:    FzSFtp.exe: Ssh.c(6483): Access granted
>> Trace:    FzSFtp.exe: Ssh.c(7161): Opened channel for session
>> Trace:    FzSFtp.exe: Ssh.c(7416): Started a shell/command
>> Trace:    FzSFtp.exe: Ssh.c(788): Server sent command exit status 1
>> Trace:    FzSFtp.exe: Ssh.c(5909): All channels closed. Disconnecting
>> Trace:    FzSFtp.exe: Ssh.c(2535): Server closed network connection
>> Response:    Fatal: unable to initialise SFTP: could not connect
>> Trace:    SftpControlSocket.cpp(2393): DoClose(0)   caller=0x003ddc9c
>> Trace:    SftpControlSocket.cpp(2423): ResetOperation(4100)    caller=0x003ddc9c
>> Error:    Unable to connect!
>>
>>
>> I obviously don't have something set up right.  My guess is I  
>> don't have the right files in the jail directory.
>>
>> The howto I am using is here:
>>
>> http://www-unix.oit.umass.edu/~coreya/OpenBSD/chroot_ssh/#installing
>>
>> Can I ask a stupid question?  If I want to set up chroot for
>> several users, do I have to copy all of those system folders and
>> files, that the HOWTO told me I need, into each user's directory?
>>
>> I want my users to use sFTP to be chrooted into their respective  
>> home folders.  Is this the correct syntax in the passwd folder:
>>
>> joe:x:500:500:Joe:/home/joe/./:/bin/bash
>>
>> If I take out the "./" regular sFTP works, it's just not chrooted.
>>
>> The HOWTO I was following was several years old.  Are there better  
>> instructions somewhere on how to do this?  Also the HOWTO was for  
>> a different distro and I made my best guess as to where the files  
>> were on my distribution.  I kinda feel like I'm trying to hit a  
>> target with an arrow in the pitch dark.
>> Thanks for any and all help,
>> James
>>
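
Exit status 127 in the second trace is the status a shell returns when it cannot find the command it was asked to run, which inside a chroot usually points at a binary or shared library that is absent from the jail. The script below is an added example, not part of the thread or of any HOWTO it links: it lists what a jail lacks for one binary and can copy the missing files in. The function names and the `/path/to/...` arguments are assumptions; the location of `sftp-server` differs between distributions.

```shell
#!/bin/sh
# Added example (not from the thread): find what a chroot jail is missing
# for one binary. The binary's path is an assumption supplied by the caller.
# Run ldd only on trusted system binaries.

# jail_missing JAIL BIN
# Prints every path (BIN plus the shared libraries ldd reports for it)
# that does not exist under JAIL. Prints nothing when the jail is complete.
jail_missing() {
    {
        printf '%s\n' "$2"
        # ldd lines look like "name => /path (addr)" or "/path (addr)";
        # keep the first absolute path on each line.
        ldd "$2" 2>/dev/null |
            awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
    } | sort -u | while read -r f; do
        [ -e "$1$f" ] || printf '%s\n' "$f"
    done
}

# jail_populate JAIL BIN
# Copies each missing file into JAIL at the same path it has on the host.
jail_populate() {
    jail_missing "$1" "$2" | while read -r f; do
        mkdir -p "$1$(dirname "$f")" && cp -L "$f" "$1$f"
    done
}

# Stand-alone use: ./jailcheck.sh /path/to/jail /path/to/sftp-server
if [ "$#" -eq 2 ]; then
    jail_missing "$1" "$2"
fi
```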
