HPE Community
Operating System - Linux
1820171 Members
4154 Online
109620 Solutions
New Discussion юеВ

rssh - Connection closed

 
SOLVED
Go to solution
MikeL_4
Super Advisor

тАО01-13-2010 09:45 AM

тАО01-13-2010 09:45 AM

rssh - Connection closed

I have installed rssh on one of our Red Hat 5.3 servers, and set it up for sftp only, and chroot...

When I try to do an sftp from another server, it asked for the user id's password, and then immediately gives me the messahe: Connection closed...

=>sftp sftpduka@sftpserver
Connecting to sftpserver...
sftpduka@sftpserver's password:
Connection closed
:=>

The following is put into the /var/log/messages on the sftpserver:
Jan 13 17:33:58 sftpserver rssh_chroot_helper[16099]: new session for sftpduka, UID=609
Jan 13 12:33:58 sftpserver rssh[16099]: chrooting all users to /t3public/public_ftp
Jan 13 17:33:58 sftpserver rssh_chroot_helper[16099]: user's home dir is /t3public/public_ftp
Jan 13 12:33:58 sftpserver rssh[16099]: chroot cmd line: /usr/libexec/rssh_chroot_helper 2 "/usr/libexec/openssh/sftp-server"
Jan 13 17:33:58 sftpserver rssh_chroot_helper[16099]: couldn't find /t3public/public_ftp in chroot jail
Jan 13 17:33:58 sftpserver rssh_chroot_helper[16099]: chrooted to /t3public/public_ftp
Jan 13 17:33:58 sftpserver rssh_chroot_helper[16099]: changing working directory to / (inside jail)

Is anyone familiar with rssh that may be able to help ??

[root@duounfs01 t3public]# ls -al /t3public
total 44
drwxrwxr-x 7 root infinys 4096 Jan 13 10:06 .
drwxr-xr-x 50 root root 4096 Jan 5 21:25 ..
drwxrwxr-x 2 infduka infinys 4096 Jan 13 10:06 infduka
drwxrwxr-x 3 infduki infinys 4096 Jan 13 09:14 infduki
drwx------ 2 root root 16384 Nov 20 10:13 lost+found
drwxr-xr-x 10 root root 4096 Jan 13 10:24 public_ftp
drwxr-xr-x 2 root root 4096 Nov 20 15:14 UAT_FTP
[root@duounfs01 t3public]# ls -al /t3public/public_ftp
total 44
drwxr-xr-x 10 root root 4096 Jan 13 10:24 .
drwxrwxr-x 7 root infinys 4096 Jan 13 10:06 ..
drwxr-xr-x 2 root root 4096 Jan 13 10:19 bin
drwxr-xr-x 2 root root 4096 Jan 13 10:37 dev
drwxr-xr-x 3 root root 4096 Jan 13 10:08 etc
drwxr-xr-x 2 sftpduka sftponly 4096 Jan 13 10:06 infduka
drwxr-xr-x 2 sftpduki sftponly 4096 Jan 13 10:06 infduki
-rwx------ 1 root root 1387 Jan 13 10:06 l2chroot
drwxr-xr-x 2 root root 4096 Jan 13 09:41 lib
drwxr-xr-x 2 root root 4096 Jan 13 10:24 lib64
drwxr-xr-x 5 root root 4096 Jan 13 09:59 usr
[root@duounfs01 t3public]#

My rssh.conf file contains:
[root@sftpserver t3public]# cat /etc/rssh.conf
# This is the default rssh config file

# set the log facility. "LOG_USER" and "user" are equivalent.
logfacility = LOG_USER

# Leave these all commented out to make the default action for rssh to lock
# users out completely...

#allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync

# set the default umask
umask = 022

# If you want to chroot users, use this to set the directory where the root of
# the chroot jail will be located.
#
# if you DO NOT want to chroot users, LEAVE THIS COMMENTED OUT.
# chrootpath = /usr/local/chroot

# You can quote anywhere, but quotes not required unless the path contains a
# space...
chrootpath = "/t3public/public_ftp"

##########################################
# EXAMPLES of configuring per-user options

#user=rudy:077:00010: # the path can simply be left out to not chroot
#user=rudy:077:00010 # the ending colon is optional

#user=rudy:011:00100: # cvs, with no chroot
#user=rudy:011:01000: # rdist, with no chroot
#user=rudy:011:10000: # rsync, with no chroot
#user="rudy:011:00001:/usr/local/chroot" # whole user string can be quoted
#user=rudy:01"1:00001:/usr/local/chroot" # or somewhere in the middle, freak!
#user=rudy:'011:00001:/usr/local/chroot' # single quotes too

# if your chroot_path contains spaces, it must be quoted...
# In the following examples, the chroot_path is "/usr/local/my chroot"
#user=rudy:011:00001:"/usr/local/my chroot" # scp with chroot
#user=rudy:011:00010:"/usr/local/my chroot" # sftp with chroot
#user=rudy:011:00011:"/usr/local/my chroot" # both with chroot

# Spaces before or after the '=' are fine, but spaces in chrootpath need
# quotes.
#user = "rudy:011:00001:/usr/local/my chroot"
#user = "rudy:011:00001:/usr/local/my chroot" # neither do comments at line end

#user=sftpduka:011:00010:"/t3public/public_ftp" # sftp with chroot
#user=sftpduki:011:00010:"/t3public/public_ftp" # sftp with chroot

#
[root@sftpserver t3public]#
0 Kudos
2 REPLIES 2
Ivan Ferreira
Honored Contributor

тАО01-13-2010 10:22 AM

тАО01-13-2010 10:22 AM

Solution

Re: rssh - Connection closed

>>> couldn't find /t3public/public_ftp in chroot jail

This indicates that the directory was not found as subdirectories of the chroot path. Probably the sftpduka user has /t3public/public_ftp as home directory.

Maybe the problem is that as you have:

chrootpath = "/t3public/public_ftp"

The system is trying to find:

"/t3public/public_ftp/t3public/public_ftp"

So, try one of these things:

Set the home dir for the user as / or
Change the chrootpath to another directory, and create subdirectories there, for example:

chrootpath = /usr/local/chroot
mkdir -p /usr/local/chroot/t3public/public_ftp

Or comment out the user=sftpduka directives.


Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
MikeL_4
Super Advisor

тАО01-13-2010 11:48 AM

тАО01-13-2010 11:48 AM

Re: rssh - Connection closed

Thanks, re-checked your suggestions and everything was setup correctly...

I then found a message from google that suggested that as a last resolrt to just copy /lib/* to /chrootdir/lib

Did this and /lib64/* to /chrootdir/lib64 and everything started working correctly...

Must of been something that was missing from what I was instructed to copy from rssh documentation...
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.