Based on the latest minor security issue with 2.1.1, I've
tried to upgrade to 2.2.1, and I've been having some trouble.
It goes like this:
I'm using Solaris 9, OpenSSH 3.8.1p1, and trying to move
to 2.2.1 of rssh from 2.1.1 in a chrooted environment. I am
allowing both scp and sftp via the rssh_config file.
I downloaded and built 2.2.1 with the defaults, moved the new rssh
programs in both /usr/local and the /[chrooted]/usr/local, and now
chroot doesn't work. After entering the correct password, the user
sees "Connection closed." The following error gets reported in
Jun 23 16:41:57 HOST rssh: [ID 853327 user.info] chroot cmd
line: /usr/local/libexec/rssh_chroot_helper "/CHROOT" 2 "/u1/marty"
Jun 23 16:41:57 HOST rssh_chroot_helper: [ID 630356 user.info]
new session for marty, UID=[not provided]
Jun 23 16:41:57 HOST rssh_chroot_helper: [ID 919885
error expanding arguments for user marty
If I comment out the chrootpath line in rssh.conf, everything
works, but of course I'm not chrooted anymore. At least it proves
that the 2.2.1 binaries might be built okay. There were no
errors reported during the make.
I've done an ldd on the new rssh and rssh_chroot_helper, and it
looks like I've got everything needed from /usr/lib in the
chrooted environment. To be sure, I copied the entire contents
of /usr/lib to the chrooted environment and it still failed.
I also examined the new script to make a Linux chroot area,
and made sure everything is there, at least as close
as I can get for Solaris.
If I replace the executables with the 2.1.1 versions, everything
works again, including the chroot, so it looks like something
really changed for 2.2.1.
I'm going to continue to try more things, but I was wondering if
anyone has seen this before and may have found a fix, even with
prior versions of rssh. I guess I must still be missing something
in the chrooted area for 2.2.1 that 2.1.1 didn't need?