From: Olivier Sessink
Subject: Re: [Jailkit-users] ssh agent forwarding difficulties
Date: Sun, 05 Aug 2007 22:21:30 +0200
User-agent: Icedove 1.5.0.12 (X11/20070607)

Valdemar Lemche wrote:
I followed the howto, Jailkit howto - creating an SSH only shell in a chroot jail. Does anyone have any bright ideas how to do ssh agent forwarding from a client, through a bastion host, using a jailkit user, to a final server? Of course it works fine to the bastion host, but from the bastion host to the final server things are not going too well. The agent socket is written to the not chroot'ed /tmp, so I tried copying it to <chroot'ed>/tmp using "cp -r `dirname $SSH_AUTH_SOCK` /chrootusers/tmp" in /etc/ssh/sshrc.

Copying sockets doesn't work. You can create the socket, but there is no application that listens to traffic on the newly created socket.

I see two possible solutions:

1) mount the real /tmp/ in the jail:

   mount /tmp/ /srv/jail/tmp -o bind

   that way both applications in and outside the jail can use the same socket (not 100% sure if it works in reality, but in theory it should work)

2) try if you can configure the ssh utilities to create the socket in the jail

Olivier
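
Why a copied agent socket is dead while a second name for the same inode still reaches the listener, as an added example that is not part of the original message. All paths are constructed in a temporary directory; the bound-then-closed socket stands in for the node that `cp -r` leaves behind, and the hard link is only an analogy for the bind mount (another name for the same inode), so the mount itself is not tested here.

```python
import errno
import os
import socket
import stat
import tempfile


def probe(path):
    """Classify a path as 'missing', 'not-a-socket', 'no-listener' or 'live'."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        try:
            client.connect(path)
        except OSError as exc:
            if exc.errno == errno.ECONNREFUSED:
                return "no-listener"  # socket node exists, nobody listens on it
            raise
    return "live"


def demo():
    """Compare the real socket, a 'copied' node and a same-inode second name."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "agent.sock")   # stands in for $SSH_AUTH_SOCK
        copied = os.path.join(tmp, "copied.sock")   # stands in for the cp'd node
        linked = os.path.join(tmp, "linked.sock")   # same inode, second name
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as agent:
            agent.bind(outside)
            agent.listen(8)
            # A socket node with no process behind it: bind, then close.
            orphan = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            orphan.bind(copied)
            orphan.close()
            os.link(outside, linked)
            for name, path in (("outside", outside), ("copied", copied),
                               ("linked", linked)):
                results[name] = probe(path)
            results["absent"] = probe(os.path.join(tmp, "nope.sock"))
    return results


if __name__ == "__main__":
    print(demo())
```

Running `probe(os.environ["SSH_AUTH_SOCK"])` from inside the jail gives the same classification for the forwarded agent socket.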