Re: chrooted ssh works, sftp doesn't

From: Richard E. Silverman (slade@shore.net)
Date: 02/07/02

• Next message: Pontus Skold: "Re: File size limit exceeded"
• Previous message: Bruno Wolff III: "Re: "Don't panic"?"
• In reply to: piggy: "chrooted ssh works, sftp doesn't"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: slade@shore.net (Richard E. Silverman)
Date: 07 Feb 2002 11:13:00 -0500

>>>>> "piggy" == piggy <piggy@lateral.net> writes:

    piggy> Hi peeps I've got chrooted ssh working fine (using the chrsh
    piggy> shell), but now the user can't sftp. There's no error
    piggy> message. If I replace his shell with /usr/sbin/sftp-shell then
    piggy> he can sftp but obviously not ssh.

Perhaps the sftp-server is not available (or runnable) in the chroot cage?
Remember that sshd runs all programs via the target account's shell.

    piggy> Also, if he ssh to his account and then tries to ssh to the
    piggy> localhost or the outside, he gets: Connecting to
    piggy> foo.bar.com.... You don't exist, go away!

This is probably because you don't have have access to the passwd database
in the cage.

    piggy> Is there a way to get both working in a chrooted environment?

Using chroot in this way for security is an inherently messy, unpleasant
idea. You have to replicate everything your programs need inside the cage
-- *every* cage, and there are often many -- which can quickly expand to
be so much that it defeats the original point of using chroot, or makes it
so complicated as to be a questionable tradeoff.

I understand that people get excited by the perceived absolute security
provided by the one-way chroot() call, but I think it's overused and
overrated.

Also note that since you're implementing this using chrsh, you're losing
much of that security anyway. Since sshd does not perform the chroot
itself, this does not protect against sshd exploits.

-- 
  Richard Silverman
  slade@shore.net

---

• Next message: Pontus Skold: "Re: File size limit exceeded"
• Previous message: Bruno Wolff III: "Re: "Don't panic"?"
• In reply to: piggy: "chrooted ssh works, sftp doesn't"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages internal-sftp: client unable to initialise server with chrooted user ... - smartcard: Enables smartcard support ... The problem is when trying to use sftp in an internal-sftp chroot, ... Fatal: unable to initialise SFTP on server: could not connect. ... (SSH) Re: [fw-wiz] Best-of-breed Proxies (was Re: Proxy Firewalls ...) ... >> It used a chrooted sshd with private passwd/shadow files in the ... >> chroot jail. ... The login shell for the users in that private passwd ... >> config file to get a destination host, and execed an ssh client to ... (Firewall-Wizards) Re: chrooted ssh works, sftp doesnt ... piggy> Hi peeps I've got chrooted ssh working fine (using the chrsh ... piggy> shell), but now the user can't sftp. ... piggy> he can sftp but obviously not ssh. ... > Perhaps the sftp-server is not available in the chroot cage? ... (comp.security.ssh) Re: Restricted Shells or Menu Based Shells ... I am using the flash program for the users that do not require a shell. ... create a chroot area for them using the jail program. ... I am considering a virtual server scenario as a next tier. ... to the point where we break even on the hosting costs. ... (Focus-Linux) Re: Chroot environment for ssh ... > would like to use SSH for the connections, as opposed to FTP, but I ... > users to be able to log into an interactive shell and I ... > want them to 'escape' out of their home directories. ... directives to chroot the groupand/or userthat are to have ... (FreeBSD-Security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2002-02