sshd and chroot

 


Hello,

I am trying to get chroot with HP-UX sec shell 05.10 to work.
I use the script ssh_chroot_setup.sh.
When I try to connect, I am still in the "normal" user home.

So I made changes in sshd_config:

Match User test03
ChrootDirectory /newroot/home/test03

as described here:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1262739

But now I cannot connect:

Connection to "IP address" closed by remote host.
Couldn't read packet: Connection reset by peer

Syslog:

fatal: bad ownership or modes for chroot directory


Who can help?

Ralph
9 REPLIES
kemo
Trusted Contributor

Re: sshd and chroot

Hi

The user's home directory must be owned by root:root and its mode should be 755.

Thanks
Kamal
Steven E. Protter
Exalted Contributor

Re: sshd and chroot

Shalom,

This message is spot on accurate.


fatal: bad ownership or modes for chroot directory

The most common problem I had when chrooting any ssh installation was the ownership and permissions were wrong.

Please post the ownership of the user's home directory.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Re: sshd and chroot

Hello,

These permissions are set by the script:

# ll -a /newroot/home/
total 16
drwxr-xr-x 3 root root 96 May 20 10:32 .
drwxr-xr-x 10 root root 8192 May 20 10:32 ..
drwxr-xr-x 2 test03 users 96 May 20 10:32 test03

I did not change anything.

Ralph

Re: sshd and chroot

Hello,

I changed the permissions to root:root.
Now with sftp I get: Request for subsystem 'sftp' failed on channel 0

I checked the libs with # ldd /opt/ssh/libexec/sftp-server (see /opt/ssh/README.hp)
--> Looks good!

With ssh I get /bin/sh no such file...
but there is a /newroot/bin/sh


Ralph
kemo
Trusted Contributor

Re: sshd and chroot

Hello Ralph,

I think you are using a new version of OpenSSH which doesn't require creating a mini operating system as your script did.
That means: just create an empty home directory for your user.

For example:

useradd -d test test
mkdir /home/test
chown root:root /home/test
chmod 766 /home/test

Then edit sshd_config with:

Match User test
ChrootDirectory /home/test


Also check if these options are available with your ssh version:

Match User test
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/test


Note: for more than one user, e.g. test, test1, test2, use the following:


Match User test,test1,test2
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/%u


where %u takes the list of users you specified in the Match User directive.


Thanks :)


Re: sshd and chroot

Hello,

If I try it like this I get /sbin/sh not such file...
So I think I need a mini system, as described in /opt/ssh/README.hp.

Are you sure about chmod 766? Only 755 works for me.


Ralph
kemo
Trusted Contributor

Re: sshd and chroot

Sorry, my fault.
The permission should be 755.
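
The ownership and mode rule behind "fatal: bad ownership or modes for chroot directory", as an added example that is not part of the original thread or of HP's scripts. It assumes the rule documented for OpenSSH's ChrootDirectory (every component of the path must be a root-owned directory not writable by group or others); the function names, uid 1003 for test03 and the entry for "/" are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

# Constructed stand-in for os.stat() results so the example runs without root.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")
DIR = stat.S_IFDIR

# Constructed sample tree modelled on the listing and commands in the thread.
# uid 0 is root; uid 1003 for test03 and the "/" entry are assumptions.
SAMPLE = {
    "/": FakeStat(DIR | 0o755, 0),
    "/newroot": FakeStat(DIR | 0o755, 0),
    "/newroot/home": FakeStat(DIR | 0o755, 0),
    "/newroot/home/test03": FakeStat(DIR | 0o755, 1003),
    "/home": FakeStat(DIR | 0o755, 0),
    "/home/test": FakeStat(DIR | 0o766, 0),
}


def path_components(path):
    """'/a/b' -> ['/', '/a', '/a/b']; every one of these is checked."""
    parts = [p for p in path.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]


def chroot_path_problems(path, stat_fn=os.stat):
    """Return (component, reason) pairs that break the ChrootDirectory rule."""
    if not path.startswith("/"):
        return [(path, "not an absolute path")]
    problems = []
    for component in path_components(path):
        try:
            st = stat_fn(component)
        except (OSError, KeyError):
            problems.append((component, "cannot stat"))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append((component, "not a directory"))
        elif st.st_uid != 0:
            problems.append((component, "not owned by root"))
        elif st.st_mode & 0o022:
            problems.append((component, "writable by group or others"))
    return problems


if __name__ == "__main__":
    for target in ("/newroot/home/test03", "/home/test", "/newroot"):
        print(target, chroot_path_problems(target, SAMPLE.__getitem__))
```

On a live system, call chroot_path_problems() with only the path so that it uses os.stat on the real directories.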

Re: sshd and chroot

Hello,

Now it works...
I use the script ssh_chroot_setup.sh.
I made changes in sshd_config:

Match User test03
ChrootDirectory /newroot

For ChrootDirectory I use the dir I chose for
my chroot environment, not a home dir!

I am not using internal-sftp.
With that, the connection closed after the ls command!

Thanks

Ralph

Re: sshd and chroot

Close...