[Chrootssh-users] Fixed - was:chrootssh code broken?
From: Greg M. <gr...@ca...> - 2004-06-09 18:48:19
I got it working - no code modifications necessary in my case, except to change the version banner in version.h to "OpenSSH_3.8.1p1_chroot" to confirm that I was in fact using the patched code. (Do telnet localhost 22 to see the ssh banner.)

Although I had no trouble with "chroot /path/to/chroot /bin/sh", there was apparently more needed for sshd to function properly, which was not hinted at in the documentation. I did "strace -eopen /usr/local/sbin/sshd" and got the following:

    open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/etc/ld.so.cache", O_RDONLY) = 3
    open("/lib/libresolv.so.2", O_RDONLY) = 3
    open("/lib/libutil.so.1", O_RDONLY) = 3
    open("/usr/local/lib/libz.so.1", O_RDONLY) = 3
    open("/lib/libnsl.so.1", O_RDONLY) = 3
    open("/lib/libcrypt.so.1", O_RDONLY) = 3
    open("/lib/libc.so.6", O_RDONLY) = 3
    open("/usr/lib/libgcc_s.so.1", O_RDONLY) = 3
    open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 3
    open("/usr/local/etc/sshd_config", O_RDONLY|O_LARGEFILE) = 3
    open("/usr/local/etc/ssh_host_dsa_key", O_RDONLY|O_LARGEFILE) = 3
    open("/etc/nsswitch.conf", O_RDONLY) = 3
    open("/etc/ld.so.cache", O_RDONLY) = 3
    open("/lib/libnss_files.so.2", O_RDONLY) = 3
    open("/etc/passwd", O_RDONLY) = 3

I already had found most, if not all, of the libs with "ldd", but I was missing /dev/urandom and all of the /etc files. After copying all of these to the corresponding place in the chroot environment it worked. All of these may not be necessary. If I had the time, I would go through the process of elimination to determine what is really needed and what isn't, but for the moment I am happy just to have it working.

Another hint to anyone trying to do this who is as inexperienced as I am. In the chroot documentation, it says:

    mknod zero c 13 12; mknod null c 13 2

Unless you are running the same system as the author, your numbers will probably be different - and /dev/urandom may be needed also. Do ls /dev/zero, ls /dev/null, and ls /dev/urandom to see what the correct numbers are for your system.

Good luck.

Greg
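The procedure Greg describes (find the libraries with ldd, copy them into the chroot, and create the device nodes with the numbers of the system you are actually on rather than the ones in the documentation), written up as an added shell example; this is not code from the original post or from the chrootssh project. It assumes Linux with ldd(1), GNU stat(1) and mknod(1), and /srv/chroot is an assumed location; copying and mknod need root, the parsing helpers do not.

```shell
CHROOT=${CHROOT:-/srv/chroot}   # assumed chroot location, not from the post

# Turn ldd(1) output on stdin into absolute library paths, one per line.
# Accepts "libz.so.1 => /usr/local/lib/libz.so.1 (0x...)" and the bare
# loader line "/lib/ld-linux.so.2 (0x...)"; virtual objects such as
# linux-vdso.so.1 and "not found" entries have no file and are skipped.
ldd_paths() {
    awk '$2 == "=>" { if ($3 ~ /^\//) print $3; next }
         $1 ~ /^\// { print $1 }'
}

# Convert a "hexmajor hexminor" pair (what GNU stat -c '%t %T' prints)
# to the decimal "major minor" that mknod(1) expects.
hex_to_dec() {
    read -r maj min
    printf '%d %d\n' "$((0x$maj))" "$((0x$min))"
}

# Major/minor numbers of an existing host device node, e.g. /dev/urandom.
dev_numbers() {
    stat -c '%t %T' "$1" | hex_to_dec
}

# Copy every library a binary loads into the chroot, keeping the same paths.
copy_libs() {
    ldd "$1" | ldd_paths | while read -r lib; do
        mkdir -p "$CHROOT$(dirname "$lib")"
        cp -p "$lib" "$CHROOT$lib"
    done
}

# Recreate the device nodes sshd needs with this host's numbers rather than
# the "c 13 12" from the documentation, which may not match this system.
make_dev_nodes() {
    mkdir -p "$CHROOT/dev"
    for node in null zero urandom; do
        set -- $(dev_numbers "/dev/$node")
        mknod -m 666 "$CHROOT/dev/$node" c "$1" "$2"
    done
}

# Usage (as root): copy_libs /usr/local/sbin/sshd; make_dev_nodes
```

The /etc files the strace showed (nsswitch.conf, passwd, the sshd config and host key, and libnss_files.so.2, which ldd does not list because it is loaded at run time) still have to be copied by hand, which is what strace -eopen is for.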