internal-sftp chroot requires passwd, group

2009-09-28
2013-04-16
  • Hi!

    I recently tried to configure a chrooted SFTP-only account using internal-sftp as follows:


    <pre>
    Subsystem       sftp    internal-sftp
    Match User sftpuser
            ChrootDirectory /sftpdir
            X11Forwarding no
            AllowTcpForwarding no
            ForceCommand internal-sftp
    </pre>


    This works like a charm on both Linux and FreeBSD; no further files are required within the chrooted directory if internal-sftp is used. On AIX, however (using the most recent OpenSSH version: OpenSSH_5.0p1, OpenSSL 0.9.8h), this does not work. A "truss /usr/sbin/sshd -Dddd" revealed that apparently a passwd and group file in the chroot dir (/sftpdir) are still required.

    Does anyone know any reason why AIX needs those files whereas Linux doesn't?

    Ys, Aurel Bodenmann

     
  • Hi!

    Thanks for your reply, I'll check it out. It's just that it would be awesome if the official, precompiled version would already support that feature (="file-less chroot").
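
Added example, not part of the thread: for the AIX case described in the first post, one way to give the chroot a passwd and group file that contain only the SFTP account and its primary group, instead of copying the system files into a directory the user can read. It assumes the files are looked up as etc/passwd and etc/group under the ChrootDirectory; the function name `make_chroot_accounts` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: write minimal passwd/group files into an SFTP chroot.
# Assumption: the chrooted process reads <chroot>/etc/passwd and <chroot>/etc/group.
# Usage (as root): make_chroot_accounts sftpuser /etc/passwd /etc/group /sftpdir
make_chroot_accounts() {
    user=$1; src_passwd=$2; src_group=$3; chroot=$4

    # Find the account's own line; field 1 is the login name.
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$src_passwd")
    if [ -z "$entry" ]; then
        echo "no passwd entry for $user in $src_passwd" >&2
        return 1
    fi
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)

    mkdir -p "$chroot/etc" || return 1

    # Keep name, uid, gid, home and shell; blank the password and GECOS
    # fields so nothing about the real account leaks into the chroot.
    printf '%s\n' "$entry" |
        awk -F: -v OFS=: '{ print $1, "*", $3, $4, "", $6, $7 }' \
        > "$chroot/etc/passwd" || return 1

    # Keep only the primary group and drop its member list, which would
    # otherwise reveal other account names to the chrooted user.
    awk -F: -v OFS=: -v g="$gid" '$3 == g { print $1, "*", $3, ""; exit }' \
        "$src_group" > "$chroot/etc/group" || return 1
    if [ ! -s "$chroot/etc/group" ]; then
        echo "no group with gid $gid in $src_group" >&2
        return 1
    fi

    # World-readable but not writable by the SFTP user.
    chmod 644 "$chroot/etc/passwd" "$chroot/etc/group"
}
```

When run as root the resulting files are root-owned, so the chrooted account can read them but cannot alter them.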