Re: Using rssh on Solaris 2.8 to chroot ssh connections
Brought to you by:
xystrus
From: Markus M. <hu...@mo...> - 2006-06-13 16:04:12
|
Chris, sftp works for me too, but not scp. The reason is that for sftp the chroot helper does not need arguments chroot cmd line: /usr/libexec/rssh_chroot_helper "/chroot" 2 "/" "/usr/libexec/sftp-server" chroot cmd line: /usr/libexec/rssh_chroot_helper "/chroot" 1 "/" "scp -t /tftpboot" Can you check if scp works too ? I get usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] [-l limit] [-o ssh_option] [-P port] [-S program] [[user@]host1:]file1 [...] [[user@]host2:]file2 on the client site Thanks Markus On Tue Jun 13 16:51 , Chris Osicki <os...@ad...> sent: > >Hi Markus >Just few ours ago I setup chrooted sftp on Solaris 8. >My jail directory is /opt/jail ;-) > >The content: > >/opt/jail]# ls -R >.: >bin etc home lib opt usr var > >./bin: >ksh > >./etc: >passwd > >./home: >xferuam > >./home/xferuam: > >./lib: > >./opt: >openssh > >./opt/openssh: >bin libexec > >./opt/openssh/bin: >scp > >./opt/openssh/libexec: >sftp-server > >./usr: >bin lib > >./usr/bin: > >./usr/lib: >ld.so.1 libc.so.1 libdl.so.1 libnsl.so.1 >librt.so.1 libsocket.so.1 libaio.so.1 libcmd.so.1 >libmp.so.2 libresolv.so.2 libsecdb.so.1 > >--------------------- > >On Solaris 8 we use openssh which is located in /opt/openssh, it's why >this directory under /opt/jail. >The user is: xferuam >In paswd file: >xferuam:x:939:921::/opt/jail/home/xferuam:/opt/rssh/bin/rssh > >/opt/rssh/etc/: >user = xferuam:022:00011:/opt/jail > >Maybe it helps somehow. > >Regards, >Chris > > >On Tue, 13 Jun 2006 11:28:06 +0100 >Markus Moeller hu...@mo...> wrote: > >> I try to setup rssh with chroot on Solaris 2.8 (latest patches). I think I have >> the necessary files in the jail. Did an ldd on all binaries, have ksh in the >> jail, but ksh core dumps. gdb shows >> >> # gdb /bin/ksh core >> GNU gdb 5.0 >> Copyright 2000 Free Software Foundation, Inc. >> GDB is free software, covered by the GNU General Public License, and you are >> welcome to change it and/or distribute copies of it under certain conditions. >> Type "show copying" to see the conditions. >> There is absolutely no warranty for GDB. Type "show warranty" for details. >> This GDB was configured as "sparc-sun-solaris2.8"... >> (no debugging symbols found)... >> Core was generated by `ksh -N scp -t /tftpboot'. >> Program terminated with signal 11, Segmentation Fault. >> Reading symbols from /usr/lib/libsocket.so.1...(no debugging symbols found)... >> done. >> Loaded symbols for /usr/lib/libsocket.so.1 >> Reading symbols from /usr/lib/libnsl.so.1...(no debugging symbols found)... >> done. >> Loaded symbols for /usr/lib/libnsl.so.1 >> Reading symbols from /usr/lib/libc.so.1...(no debugging symbols found)...done. >> Loaded symbols for /usr/lib/libc.so.1 >> Reading symbols from /usr/lib/libdl.so.1...(no debugging symbols found)...done. >> Loaded symbols for /usr/lib/libdl.so.1 >> Reading symbols from /usr/lib/libmp.so.2...(no debugging symbols found)...done. >> Loaded symbols for /usr/lib/libmp.so.2 >> Reading symbols from /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1... >> (no debugging symbols found)...done. >> Loaded symbols for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 >> #0 0xff1b2970 in longjmp () from /usr/lib/libc.so.1 >> (gdb) where >> #0 0xff1b2970 in longjmp () from /usr/lib/libc.so.1 >> #1 0x285ac in mac_expand () >> #2 0x282e0 in job_discard_save () >> #3 0x274d8 in job_discard_save () >> #4 0x28440 in mac_expand () >> #5 0x290a0 in mac_trim () >> #6 0x2a9ec in env_setlist () >> #7 0x32690 in sh_exec () >> #8 0x1c170 in sh_eval () >> #9 0x2da5c in path_pwd () >> #10 0x29748 in main () >> (gdb) >> >> I found that ksh -N is called from wordexp, but I can't call ksh -N in any other >> way than through wordexp. >> >> find /chroot >> /chroot >> /chroot/usr >> /chroot/usr/lib >> /chroot/usr/lib/libresolv.so.2 >> /chroot/usr/lib/libcrypto.so.0.9.8 >> /chroot/usr/lib/librt.so.1 >> /chroot/usr/lib/libsocket.so.1 >> /chroot/usr/lib/libnsl.so.1 >> /chroot/usr/lib/libgssapi_krb5.so.2 >> /chroot/usr/lib/libk5crypto.so.3 >> /chroot/usr/lib/libcom_err.so.3 >> /chroot/usr/lib/libc.so.1 >> /chroot/usr/lib/libdl.so.1 >> /chroot/usr/lib/libaio.so.1 >> /chroot/usr/lib/libmp.so.2 >> /chroot/usr/lib/libgcc_s.so.1 >> /chroot/usr/lib/nss_files.so.1 >> /chroot/usr/lib/ld.so.1 >> /chroot/usr/lib/libelf.so.1 >> /chroot/usr/lib/libkrb5.so.3 >> /chroot/usr/lib/libcmd.so.1 >> /chroot/usr/lib/libgen.so.1 >> /chroot/usr/lib/libsecdb.so.1 >> /chroot/usr/lib/libproc.so.1 >> /chroot/usr/bin >> /chroot/usr/bin/scp >> /chroot/usr/bin/ksh >> /chroot/usr/bin/ldd >> /chroot/usr/platform >> /chroot/usr/platform/SUNW,Ultra-5_10 >> /chroot/usr/platform/SUNW,Ultra-5_10/lib >> /chroot/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1 >> /chroot/usr/platform/SUNW,Ultra-5_10/lib/sparcv9 >> /chroot/usr/platform/SUNW,Ultra-5_10/lib/sparcv9/libc_psr.so.1 >> /chroot/usr/platform/sun4u >> /chroot/usr/platform/sun4u/lib >> /chroot/usr/platform/sun4u/lib/libc_psr.so.1 >> /chroot/usr/libexec >> /chroot/usr/libexec/sftp-server >> /chroot/usr/libexec/rssh_chroot_helper >> /chroot/usr/xpg4 >> /chroot/usr/xpg4/bin >> /chroot/usr/xpg4/bin/sh >> /chroot/usr/share >> /chroot/usr/share/lib >> /chroot/usr/share/lib/zoneinfo >> /chroot/usr/share/lib/zoneinfo/GB-Eire >> /chroot/lib >> /chroot/etc >> /chroot/etc/passwd >> /chroot/etc/group >> /chroot/etc/nsswitch.conf >> /chroot/etc/hosts >> /chroot/etc/shadow >> /chroot/tftpboot >> /chroot/bin >> /chroot/bin/sh >> /chroot/bin/ksh >> /chroot/bin/pwd >> /chroot/home >> >> Does anybody know the dependency of ksh which I may have missed ? >> >> Thanks >> Markus >> >> >> _______________________________________________ >> rssh-discuss mailing list >> rss...@li... >> https://lists.sourceforge.net/lists/listinfo/rssh-discuss >> |