[Chrootssh-users] using a special SHELL script to force chroot
From: Alex K <ch...@ri...> - 2004-05-26 19:55:18
I am one step away from installing the chrootssh patches on my
machine, but before I do I'd like to understand why I can't get my
backup plan to work.
I have a user who is only allowed to access my machine via sftp.
Their shell is set to a special perl script that looks at the
arguments and only allows sftp to be run.
Now I think I have set up their home directory to be chroot ready. I
have a dev directory, I have lib with all the shared libraries they
need, and from a command prompt I can successfully do a
    chroot /home/moron /usr/libexec/openssh/sftp-server
However, when I add this line into their login script instead of
    exec /usr/libexec/openssh/sftp-server
my winscp client fails to connect (using sftp only).
Does anyone have any clues as to what's missing in the login-shell
environment that is working fine at a regular prompt?
winscp comes up with this error message:
> Connection has been unexpectedly closed. Server sent command exit
> status 255.
I realize this isn't chrootssh specific, but I do plan to use it (if I
can't get this working) and this might be a suitable alternative to
some people who don't want ssh but do want just sftp?
Thanks so much for your time
Alex
Here is the list of all the files in my chroot directory:
bin/
bin/cp
bin/ls
bin/mkdir
bin/mv
bin/rm
bin/rmdir
bin/sh
bin/bash
bin/sftp
dev/
dev/zero
dev/null
etc/
etc/ssh
etc/ssh/ssh_config
etc/ssh/ssh_host_key
etc/ssh/sshd_config
etc/ssh/ssh_host_key.pub
etc/ssh/ssh_host_rsa_key
etc/ssh/ssh_host_rsa_key.pub
etc/ssh/ssh_host_dsa_key
etc/ssh/ssh_host_dsa_key.pub
etc/ssh/moduli
etc/ssh/ssh_config.rpmnew
etc/ssh/sshd_config.rpmnew
lib/
lib/libnss_files.so.2
lib/libtermcap.so.2
lib/libdl.so.2
lib/i686
lib/i686/libc.so.6
lib/ld-linux.so.2
lib/libc.so.6
lib/libresolv.so.2
lib/libutil.so.1
lib/libnsl.so.1
lib/libcrypto.so.2
lib/libcrypt.so.1
lib/libz.so.1
lib/libgssapi_krb5.so.2
lib/libcom_err.so.3
lib/libk5crypto.so.3
lib/libkrb5.so.3
usr/
usr/libexec
usr/libexec/openssh
usr/libexec/openssh/sftp-server
usr/kerberos
usr/kerberos/lib
usr/kerberos/lib/libgssapi_krb5.so.2
usr/kerberos/lib/libkrb5.so.3
usr/kerberos/lib/libk5crypto.so.3
usr/kerberos/lib/libcom_err.so.3
usr/bin
There may be more there than I really need, but I can trim it back
once I get it working.
My special sftponly SHELL login script thing is here:
#! /usr/bin/perl -w
#
# $Id: scponlyshell,v 1.1 2003/10/08 21:10:49 ark Exp $
#
# "Shell" for a restricted account, limiting the available commands
# Roland Mas, debian-sf (Sourceforge for Debian)
#
# Inspired from the grap.c file in Sourceforge 2.5

use strict ;
use vars qw/ @allowed_options @allowed_commands $errmsg @cmd / ;
use subs qw/ &reject / ;
no locale ;

@allowed_options = ('-c', '-e') ;
@allowed_commands = ('cvs','scp') ;
my($sftpServer)='/usr/libexec/openssh/sftp-server';

# Clean up our environment
delete @ENV{qw(IFS CDPATH ENV BASH_ENV PATH)};

# we're expecting them to run "-c scp" or something with sftp-server in it
if ($#ARGV != 1) {
    if ($#ARGV < 1) {
        $errmsg = "Not enough arguments." ;
    } else {
        $errmsg = "Too many arguments." ;
    }
    &reject ;
}

if (scalar (grep { $_ eq $ARGV[0] } @allowed_options) == 0) {
    $errmsg = "Option not allowed." ;
    &reject ;
}

if ($ARGV[1]=~/sftp-server/){
    exec chroot /home/destiny $sftpServer;
    # exec $sftpServer;
    exit;
} else {
    @cmd = split (/ +/, $ARGV[1]) ;
    if (scalar (grep { $_ eq $cmd[0] } @allowed_commands) == 0) {
        $errmsg = "Command not allowed." ;
        &reject ;
    }
}

exec @cmd ;

sub reject {
    print "This is a restricted account.\n" .
          "You cannot execute anything here.\n" .
          # $errmsg . "\n" .
          "Goodbye.\n" ;
    if (open( ERR, ">>/tmp/scponlyerrors")){
        print ERR join("\n",@ARGV)."\n----\n";
        print ERR "ERROR WAS: $errmsg\n";
        close ERR;
    }
    exit 1 ;
}
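
Added example, not part of the original message and not chrootssh code: chroot(2) is refused for any process that is not root, and sshd starts a login shell with the user's own uid, so a wrapper can check for that and report the reason instead of closing the connection silently. The paths are the ones quoted in the script above; reaching the final branch assumes the wrapper is started with effective uid 0 and a non-root real uid (for instance by a small setuid helper), which is an assumption and not something the post describes.

```perl
#!/usr/bin/perl
# Added example, not the poster's script. Paths are the ones quoted in the post.
use strict;
use warnings;
use POSIX ();

my $SFTP = '/usr/libexec/openssh/sftp-server';
my $JAIL = '/home/destiny';

# sshd starts a subsystem as: <login shell> -c <subsystem command>.
# Accept only that exact command (an exact match, not a substring test).
sub request_error {
    my @args = @_;
    return 'expected exactly: -c <command>' unless @args == 2 && $args[0] eq '-c';
    return 'command not allowed'            unless $args[1] eq $SFTP;
    return;
}

# Reasons the chroot cannot succeed for this process; empty list means it can.
sub chroot_blockers {
    my ($ruid, $euid, $jail) = @_;
    my @why;
    push @why, "effective uid is $euid; chroot(2) is reserved for root" if $euid != 0;
    push @why, 'real uid is 0; no unprivileged user to drop to'         if $ruid == 0;
    push @why, "$jail$SFTP is missing or not executable" unless -x "$jail$SFTP";
    return @why;
}

sub fail {    # fail closed; stderr keeps the reason off the sftp stdout stream
    my ($msg) = @_;
    print STDERR "sftp-only shell: $msg\n";
    exit 1;
}

sub main {
    my $err = request_error(@ARGV);
    fail($err) if defined $err;
    my @why = chroot_blockers($<, $>, $JAIL);
    fail(join '; ', @why) if @why;

    my $uid   = $<;                  # real uid: the account that logged in
    my ($gid) = split ' ', $(;       # first entry of $( is the real gid
    chroot($JAIL)       or fail("chroot: $!");
    chdir('/')          or fail("chdir: $!");
    POSIX::setgid($gid) or fail("setgid: $!");   # group first, while still root
    POSIX::setuid($uid) or fail("setuid: $!");   # drops real, effective and saved uid
    exec { $SFTP } $SFTP or fail("exec: $!");    # list form: no shell, no word splitting
}

main() unless caller;
```

Run as an ordinary user's login shell, this exits with the "effective uid" reason on stderr, which is the condition that separates the working root prompt from the failing login.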