[Chrootssh-users] Updated Help with chroot-ssh/sftp on Solaris 9
From: Rebstock, R. <Rol...@us...> - 2007-05-18 22:24:04
All, I have gotten further.. I'm now able to sftp as root, but
root is not jailed in /etc/passwd. As my non-root user who is jailed in
/etc/passwd it still fails.. Any ideas? If I unjail my user in
/etc/passwd they can successfully sftp.

RR

________________________________
From: Rebstock, Roland
Sent: Friday, May 18, 2007 4:32 PM
To: 'chr...@li...'
Subject: Help with chroot-ssh/sftp on Solaris 9

I have followed the instructions on installing Chroot'd OpenSSH on
Solaris 9. I have the ssh jail working, but when I attempt to sftp I
authenticate via sftp -v but then it automatically closes the
connection. Any ideas?
rolandsworld:> ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.8d 28 Sep 2006

rolandsworld:> ls -la /bin/ssh
lrwxrwxrwx 1 root other 16 May 18 11:50 /bin/ssh -> /opt/ssh/bin/ssh
rolandsworld:> cd /home/chroot/usr/lib
rolandsworld:> ls
ld.so.1 libcmd.so.1 libgen.so.1 libnsl.so.1 libsecdb.so.1
libaio.so.1 libdl.so.1 libmd5.so.1 libresolv.so.2 libsocket.so.1
libc.so.1 libelf.so.1 libmp.so.2 librt.so.1 libz.so

/home/chroot/dev
rolandsworld:> ls -la
total 2
drwxr-xr-x 2 root other 96 May 18 15:43 .
drwxrwxrwx 7 root other 1024 May 18 15:42 ..
crw-rw-rw- 1 root other 13, 2 May 18 15:43 null
crw-rw-rw- 1 root other 13, 12 May 18 15:42 zero
/home/chroot/usr/local
rolandsworld:> ls -la *
lib:
total 1544
drwxr-xr-x 2 root other 96 May 18 15:42 .
drwxr-xr-x 6 root other 96 May 18 16:06 ..
-rw-r--r-- 1 root other 789648 May 18 15:42 libgcc_s.so.1

libexec:
total 60
drwxr-xr-x 2 root other 96 May 18 16:06 .
drwxr-xr-x 6 root other 96 May 18 16:06 ..
-rwsr-sr-x 1 root other 30428 May 18 16:06 sftp-server

sbin:
total 60
drwxr-xr-x 2 root other 96 May 18 16:07 .
drwxr-xr-x 6 root other 96 May 18 16:06 ..
-rwsr-sr-x 1 root other 30428 May 18 16:07 sftp-server

ssl:
total 2
drwxr-xr-x 3 root other 96 May 18 15:53 .
drwxr-xr-x 6 root other 96 May 18 16:06 ..
drwxr-xr-x 2 root other 1024 May 18 15:54 lib
rolandsworld:> pwd
/home/chroot/dev
rolandsworld:> cd ../bin
rolandsworld:> ls
bash cp ksh ldd ls mkdir mv rm rmdir sh
rolandsworld:> sftp -v rrebstoc@10.25.70.52
Connecting to 10.25.70.52...
OpenSSH_3.9p1, OpenSSL 0.9.8d 28 Sep 2006
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to 10.25.70.52 [10.25.70.52] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.25.70.52' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Offering public key: /root/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
rrebstoc@10.25.70.52's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 137
Connection closed
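
Added example (not part of the original post or of the chrootssh project): a shell check for a jail like the /home/chroot tree listed above. It reports libraries that ldd resolves on the host but that are absent under the jail, and flags world-writable directories and setuid/setgid files, such as the drwxrwxrwx parent directory and the -rwsr-sr-x sftp-server in the listing. The function names and the script's two arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a chroot jail tree. Function names and arguments are
# assumptions of this example, not part of chrootssh or OpenSSH.

# missing_libs JAIL
# Reads ldd-style output on stdin and prints every resolved library path
# that has no counterpart under JAIL.
missing_libs() {
    jail=$1
    while read -r name arrow path rest; do
        [ "$arrow" = "=>" ] || continue            # not a "name => path" line
        case $path in /*) ;; *) continue ;; esac   # unresolved on the host itself
        [ -e "$jail$path" ] || echo "$path"
    done
}

# risky_modes JAIL
# Prints world-writable directories and setuid/setgid regular files in JAIL.
risky_modes() {
    find "$1" -type d -perm -0002 -print | sed 's/^/world-writable dir: /'
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/setuid\/setgid file: /'
}

# Usage: sh jailcheck.sh JAIL BINARY   (BINARY is the host copy, outside the jail)
if [ "$#" -eq 2 ]; then
    ldd "$2" | missing_libs "$1"
    risky_modes "$1"
fi
```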