Re: Using rssh on Solaris 2.8 to chroot ssh connections
Brought to you by:
xystrus
Menu
▾
▴
Re: Using rssh on Solaris 2.8 to chroot ssh connections
|
From: Markus M. <hu...@mo...> - 2006-06-13 16:04:12
|
Chris,
sftp works for me too, but not scp. The reason is that for sftp the chroot helper
does not need arguments
chroot cmd line: /usr/libexec/rssh_chroot_helper "/chroot" 2 "/"
"/usr/libexec/sftp-server"
chroot cmd line: /usr/libexec/rssh_chroot_helper "/chroot" 1 "/" "scp -t /tftpboot"
Can you check if scp works too ? I get
usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
[-l limit] [-o ssh_option] [-P port] [-S program]
[[user@]host1:]file1 [...] [[user@]host2:]file2
on the client site
Thanks
Markus
On Tue Jun 13 16:51 , Chris Osicki <os...@ad...> sent:
>
>Hi Markus
>Just few ours ago I setup chrooted sftp on Solaris 8.
>My jail directory is /opt/jail ;-)
>
>The content:
>
>/opt/jail]# ls -R
>.:
>bin etc home lib opt usr var
>
>./bin:
>ksh
>
>./etc:
>passwd
>
>./home:
>xferuam
>
>./home/xferuam:
>
>./lib:
>
>./opt:
>openssh
>
>./opt/openssh:
>bin libexec
>
>./opt/openssh/bin:
>scp
>
>./opt/openssh/libexec:
>sftp-server
>
>./usr:
>bin lib
>
>./usr/bin:
>
>./usr/lib:
>ld.so.1 libc.so.1 libdl.so.1 libnsl.so.1
>librt.so.1 libsocket.so.1 libaio.so.1 libcmd.so.1
>libmp.so.2 libresolv.so.2 libsecdb.so.1
>
>---------------------
>
>On Solaris 8 we use openssh which is located in /opt/openssh, it's why
>this directory under /opt/jail.
>The user is: xferuam
>In paswd file:
>xferuam:x:939:921::/opt/jail/home/xferuam:/opt/rssh/bin/rssh
>
>/opt/rssh/etc/:
>user = xferuam:022:00011:/opt/jail
>
>Maybe it helps somehow.
>
>Regards,
>Chris
>
>
>On Tue, 13 Jun 2006 11:28:06 +0100
>Markus Moeller hu...@mo...> wrote:
>
>> I try to setup rssh with chroot on Solaris 2.8 (latest patches). I think I have
>> the necessary files in the jail. Did an ldd on all binaries, have ksh in the
>> jail, but ksh core dumps. gdb shows
>>
>> # gdb /bin/ksh core
>> GNU gdb 5.0
>> Copyright 2000 Free Software Foundation, Inc.
>> GDB is free software, covered by the GNU General Public License, and you are
>> welcome to change it and/or distribute copies of it under certain conditions.
>> Type "show copying" to see the conditions.
>> There is absolutely no warranty for GDB. Type "show warranty" for details.
>> This GDB was configured as "sparc-sun-solaris2.8"...
>> (no debugging symbols found)...
>> Core was generated by `ksh -N scp -t /tftpboot'.
>> Program terminated with signal 11, Segmentation Fault.
>> Reading symbols from /usr/lib/libsocket.so.1...(no debugging symbols found)...
>> done.
>> Loaded symbols for /usr/lib/libsocket.so.1
>> Reading symbols from /usr/lib/libnsl.so.1...(no debugging symbols found)...
>> done.
>> Loaded symbols for /usr/lib/libnsl.so.1
>> Reading symbols from /usr/lib/libc.so.1...(no debugging symbols found)...done.
>> Loaded symbols for /usr/lib/libc.so.1
>> Reading symbols from /usr/lib/libdl.so.1...(no debugging symbols found)...done.
>> Loaded symbols for /usr/lib/libdl.so.1
>> Reading symbols from /usr/lib/libmp.so.2...(no debugging symbols found)...done.
>> Loaded symbols for /usr/lib/libmp.so.2
>> Reading symbols from /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1...
>> (no debugging symbols found)...done.
>> Loaded symbols for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
>> #0 0xff1b2970 in longjmp () from /usr/lib/libc.so.1
>> (gdb) where
>> #0 0xff1b2970 in longjmp () from /usr/lib/libc.so.1
>> #1 0x285ac in mac_expand ()
>> #2 0x282e0 in job_discard_save ()
>> #3 0x274d8 in job_discard_save ()
>> #4 0x28440 in mac_expand ()
>> #5 0x290a0 in mac_trim ()
>> #6 0x2a9ec in env_setlist ()
>> #7 0x32690 in sh_exec ()
>> #8 0x1c170 in sh_eval ()
>> #9 0x2da5c in path_pwd ()
>> #10 0x29748 in main ()
>> (gdb)
>>
>> I found that ksh -N is called from wordexp, but I can't call ksh -N in any other
>> way than through wordexp.
>>
>> find /chroot
>> /chroot
>> /chroot/usr
>> /chroot/usr/lib
>> /chroot/usr/lib/libresolv.so.2
>> /chroot/usr/lib/libcrypto.so.0.9.8
>> /chroot/usr/lib/librt.so.1
>> /chroot/usr/lib/libsocket.so.1
>> /chroot/usr/lib/libnsl.so.1
>> /chroot/usr/lib/libgssapi_krb5.so.2
>> /chroot/usr/lib/libk5crypto.so.3
>> /chroot/usr/lib/libcom_err.so.3
>> /chroot/usr/lib/libc.so.1
>> /chroot/usr/lib/libdl.so.1
>> /chroot/usr/lib/libaio.so.1
>> /chroot/usr/lib/libmp.so.2
>> /chroot/usr/lib/libgcc_s.so.1
>> /chroot/usr/lib/nss_files.so.1
>> /chroot/usr/lib/ld.so.1
>> /chroot/usr/lib/libelf.so.1
>> /chroot/usr/lib/libkrb5.so.3
>> /chroot/usr/lib/libcmd.so.1
>> /chroot/usr/lib/libgen.so.1
>> /chroot/usr/lib/libsecdb.so.1
>> /chroot/usr/lib/libproc.so.1
>> /chroot/usr/bin
>> /chroot/usr/bin/scp
>> /chroot/usr/bin/ksh
>> /chroot/usr/bin/ldd
>> /chroot/usr/platform
>> /chroot/usr/platform/SUNW,Ultra-5_10
>> /chroot/usr/platform/SUNW,Ultra-5_10/lib
>> /chroot/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
>> /chroot/usr/platform/SUNW,Ultra-5_10/lib/sparcv9
>> /chroot/usr/platform/SUNW,Ultra-5_10/lib/sparcv9/libc_psr.so.1
>> /chroot/usr/platform/sun4u
>> /chroot/usr/platform/sun4u/lib
>> /chroot/usr/platform/sun4u/lib/libc_psr.so.1
>> /chroot/usr/libexec
>> /chroot/usr/libexec/sftp-server
>> /chroot/usr/libexec/rssh_chroot_helper
>> /chroot/usr/xpg4
>> /chroot/usr/xpg4/bin
>> /chroot/usr/xpg4/bin/sh
>> /chroot/usr/share
>> /chroot/usr/share/lib
>> /chroot/usr/share/lib/zoneinfo
>> /chroot/usr/share/lib/zoneinfo/GB-Eire
>> /chroot/lib
>> /chroot/etc
>> /chroot/etc/passwd
>> /chroot/etc/group
>> /chroot/etc/nsswitch.conf
>> /chroot/etc/hosts
>> /chroot/etc/shadow
>> /chroot/tftpboot
>> /chroot/bin
>> /chroot/bin/sh
>> /chroot/bin/ksh
>> /chroot/bin/pwd
>> /chroot/home
>>
>> Does anybody know the dependency of ksh which I may have missed ?
>>
>> Thanks
>> Markus
>>
>>
>> _______________________________________________
>> rssh-discuss mailing list
>> rss...@li...
>> https://lists.sourceforge.net/lists/listinfo/rssh-discuss
>>
|