https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130110#M449587 Hi there,<BR /><BR />Just in case somebody experience the same issue, here the solution I got from HP. Note that this is for a chroot environment after that was there before the Secure Shell update.<BR /><BR />1 - On the actual /etc/passwd file, change the chrooted account's home directory from "/<CHROOT_DIR>/./home/<ACCOUNT>" to "/home/<ACCOUNT>".<BR />2 - Do the same for "/<CHROOT_DIR>/etc/passwd"<BR />3 - On the end of the /opt/ssh/etc/sshconfig file add two lines like:<BR />Match User <ACCOUNT><BR /> ChrootDirectory /<CHROOT_DIR><BR />4 - Restart sshd.<BR /><BR />Alex</CHROOT_DIR></ACCOUNT></CHROOT_DIR></ACCOUNT></ACCOUNT></CHROOT_DIR> Thu, 18 Sep 2008 20:51:07 GMT Alex Wanderley 2008-09-18T20:51:07Z https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130107#M449584 Hi,<BR /><BR />This is on 11.11i v1.<BR />After udating Secure Shell from A.04.70.009 to A.05.00.024 chroot ssh, sftp and scp environments stopped working. The account can login, but it doesn't get "jailed" to its home directory.<BR />I successfully created a brand new test environmemt/account with the /opt/ssh/utils/ssh_chroot_setup.sh script, but end up with the same behavior.<BR />Just so you know, enabling he "ChrootDirectory" clause on /opt/ssh/etc/sshd_config didn't help because it made all accounts to chroot to that directory.<BR />Has anybody had this problem before?<BR /><BR />Thanks a lot,<BR /><BR />Alex Tue, 16 Sep 2008 19:05:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130107#M449584 Alex Wanderley 2008-09-16T19:05:07Z https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130108#M449585 Hi Alex,<BR /><BR />See known problems and workarounds for this version:<BR />"The chroot functionality does not work if the UseLogin configuration directive in sshd_config is set to YES" <BR /><BR />More here - <A href="http://docs.hp.com/en/T1471-90033/ch01s06.html" target="_blank">http://docs.hp.com/en/T1471-90033/ch01s06.html</A><BR /><BR />regards,<BR />ivan Tue, 16 Sep 2008 19:50:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130108#M449585 Ivan Krastev 2008-09-16T19:50:11Z https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130109#M449586 Hi Ivan,<BR /><BR />The UseLogin clause is actually set to its default: "no".<BR />I tried actually making it explicit and restarting sshd, but it didn't work either.<BR /><BR />But that's how it looks like: as if the "UseLogin" clause was set to "yes"...<BR /><BR />Thanks,<BR /><BR />Alex Tue, 16 Sep 2008 20:38:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130109#M449586 Alex Wanderley 2008-09-16T20:38:18Z https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130110#M449587 Hi there,<BR /><BR />Just in case somebody experience the same issue, here the solution I got from HP. Note that this is for a chroot environment after that was there before the Secure Shell update.<BR /><BR />1 - On the actual /etc/passwd file, change the chrooted account's home directory from "/<CHROOT_DIR>/./home/<ACCOUNT>" to "/home/<ACCOUNT>".<BR />2 - Do the same for "/<CHROOT_DIR>/etc/passwd"<BR />3 - On the end of the /opt/ssh/etc/sshconfig file add two lines like:<BR />Match User <ACCOUNT><BR /> ChrootDirectory /<CHROOT_DIR><BR />4 - Restart sshd.<BR /><BR />Alex</CHROOT_DIR></ACCOUNT></CHROOT_DIR></ACCOUNT></ACCOUNT></CHROOT_DIR> Thu, 18 Sep 2008 20:51:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130110#M449587 Alex Wanderley 2008-09-18T20:51:07Z https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130111#M449588 This thread is closed. Thu, 18 Sep 2008 20:52:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/secure-shell-update-broke-chroot-environment/m-p/5130111#M449588 Alex Wanderley 2008-09-18T20:52:59Z