User specific jail problem
Brought to you by:
xystrus
From: Kevin M. <kev...@br...> - 2007-06-13 20:57:04
|
Hi, Having solved the SCP problem I now have an issue with user specific jails. The global jail ("chrootpath") works fine. /etc/passwd contains: ==================== jonas:x:213:213:testuser:/usr/nobill_data/home/jonas:/usr/local/bin/rssh ==================== In /usr/local/etc/rssh.conf, I set: ==================== logfacility = LOG_USER allowscp umask = 022 chrootpath=/usr/nobill_data user=jonas:011:00001 ==================== Then I test from the client: ==================== > scp jonas@garfield:c.txt . jonas@garfield's password: c.txt 100% ==================== In /var/log/messages on the server I get: ==================== sshd[19070]: [ID 800047 auth.info] Accepted password for jonas from 10.40.1.44 port 38738 ssh2 rssh[19073]: [ID 702911 daemon.info] setting log facility to LOG_USER rssh[19073]: [ID 702911 user.info] allowing scp to all users rssh[19073]: [ID 702911 user.info] setting umask to 022 rssh[19073]: [ID 702911 user.info] chrooting all users to /usr/nobill_data rssh[19073]: [ID 702911 user.info] line 31: configuring user jonas rssh[19073]: [ID 702911 user.info] setting jonas's umask to 011 rssh[19073]: [ID 702911 user.info] allowing scp to user jonas rssh[19073]: [ID 702911 user.info] chrooting jonas to /usr/nobill_data/home/jonas rssh[19073]: [ID 702911 user.info] chroot cmd line: /usr/local/libexec/rssh_chroot_helper 1 "scp -f c.txt" sshd[19072]: [ID 800047 auth.error] error: channel 0: chan_read_failed for istate 3 ==================== Next, I set the user's chroot jail in /usr/local/etc/rssh.conf: ==================== logfacility = LOG_USER allowscp umask = 022 chrootpath = /usr/nobill_data user=jonas:011:00001:/usr/nobill_data/home/jonas ==================== Then I test from the client: ==================== > scp jonas@garfield:c.txt . jonas@garfield's password: rssh_chroot_helper: error expanding arguments ==================== On the server side the /var/adm/messages shows: ==================== sshd[18432]: [ID 800047 auth.info] Accepted password for jonas from 10.40.1.44 port 38730 ssh2 rssh[18435]: [ID 702911 daemon.info] setting log facility to LOG_USER rssh[18435]: [ID 702911 user.info] allowing scp to all users rssh[18435]: [ID 702911 user.info] setting umask to 022 rssh[18435]: [ID 702911 user.info] line 31: configuring user jonas rssh[18435]: [ID 702911 user.info] setting jonas's umask to 011 rssh[18435]: [ID 702911 user.info] allowing scp to user jonas rssh[18435]: [ID 702911 user.info] chrooting jonas to /usr/nobill_data/home/jonas rssh[18435]: [ID 702911 user.info] chroot cmd line: /usr/local/libexec/rssh_chroot_helper 1 "scp -f c.txt" sshd[18434]: [ID 800047 auth.error] error: channel 0: chan_read_failed for istate 3 ==================== I have read about similar problems in earlier posts, but none of the solutions or ideas have helped. So I am hoping there is someone who has had a similar problem on Solaris 10. I may contact our Sun support if I knew what to ask them. Is "wordexp" still an issue? Any help appreciated, Kevin |