jailkit-users

Re: [Jailkit-users] Sftp users are not able to chroot with Jailkit setup


From: Seshan, Vinod K. (CONT)
Subject: Re: [Jailkit-users] Sftp users are not able to chroot with Jailkit setup
Date: Sat, 25 Jun 2011 07:52:16 +0100

In our environment we are not using OpenSSH; we are using SSH Tectia 6.1.7 build 139 (server as well as client).

We have removed OpenSSH from this server and are using Tectia SSH instead.

When a chrooted user configured with jailkit logs in to the server using ssh, the user is logged into the correct jail and the
jailed user cannot go to other directories outside the jail. But if the chrooted user sftps to the server, the user is not chrooted and the user
can cd to any other directory on the server.

It seems that in the Tectia ssh server, the "chroot" system call can only be made as root and the sftp-server is run as a subsystem
request by a user inside the ssh session. Is it because of this that the sftp login is not able to enter the jail, while using ssh we are
able to enter the jail? If this is the case, then what is the solution for chroot users who sftp to the server?

 


Thanks & Regards,

Vinod Kumar Seshan
UK IT Service Delivery Team - UNIX_COEP
Team On-call Numbers : +91 97422 32086, +91 97422 32085
________________________________________
From: jailkit-users-bounces+address@hidden [jailkit-users-bounces+address@hidden On Behalf Of Scott Ruckh address@hidden
Sent: 24 June 2011 22:40
To: address@hidden
Subject: Re: [Jailkit-users] Sftp users are not able to chroot with Jailkit setup

Yo.   This is what you said earlier: Olivier Sessink
> On 06/24/2011 03:34 PM, Seshan, Vinod K. (CONT) wrote:
>> Hi Team,
>> We have installed/configured jailkit version jailkit-2.11-1.el5.rf on
>> our RHEL5 server. We have SSH Tectia Client 6.1.7 build 139 installed in
>> this server. When a chrooted user configured with jailkit login to
>> server using ssh , the user is logged into the correct jail and the
>> jailed user cannot go to other directories out of jail. But if the
>> chrooted user sftp to the server, the user is not chrooted and the user
>> can cd to any other directory in the server.
>
> it seems that the ssh server doesn't use the shell to start the sftp
> subsystem, but immediately starts it itself. I haven't seen such a ssh
> server myself, but I don't have access to RHEL5.
>
> Which ssh is running on rhel5, and what is the configuration?
>
> Olivier
>

RHEL5 still comes with OpenSSH 4.  The OP states they are using the
commercial SSH client (Tectia); I was not sure if the SSH server that is
installed is also Tectia.  The newer OpenSSH 5 server comes with built-in
chroot support for SFTP.

Scott

