Secure Shell
sftp running in chroot env Feb 11 2010 04:13PM
Steve Szabo (steve g szabo gmail com) (2 replies)
I've configured sftp to run in a chroot env which seems to work
however I am unable to get syslog to log the sftp activities within
the chroot.

If I connect via sftp to a non-chroot env the daemon will log the
transactions as expected:

i.e.

Feb 11 10:35:20 XXXXXXXXXX sftp-server[11797]: [ID 800047 auth.info]
open "/home/someguy/test/file" flags READ mode 0666

I also need the activities to be logged from within the chroot - can
someone please give me some pointers?

Here is my config running under Solaris 10:

syslog.conf:
auth.debug /var/adm/openssh.log

sshd_config:
SyslogFacility AUTH
LogLevel DEBUG
Subsystem sftp /opt/openssh/libexec/sftp-server -l DEBUG

Match User sample
ChrootDirectory /home/chroot

chroot env:

/home/chroot:

./usr
./usr/sfw
./usr/sfw/lib
./usr/sfw/lib/libcrypto.so.0.9.7
./usr/sfw/lib/libcrypto_extra.so.0.9.7
./usr/bin
./usr/bin/ls
./usr/lib
./usr/lib/nss_files.so.1
./usr/lib/libz.so.1
./usr/lib/ld.so.1

./bin
./bin/bash

./etc
./etc/group
./etc/passwd

./lib
./lib/libsec.so.1
./lib/libc.so.1
./lib/libresolv.so.2
./lib/libmd.so.1
./lib/libmp.so.2
./lib/libdoor.so.1
./lib/libcurses.so.1
./lib/libnsl.so.1
./lib/librt.so.1
./lib/libdl.so.1
./lib/libm.so.2
./lib/libaio.so.1
./lib/libscf.so.1
./lib/libgen.so.1
./lib/libuutil.so.1
./lib/libavl.so.1
./lib/libsocket.so.1

./opt
./opt/openssh
./opt/openssh/libexec
./opt/openssh/libexec/sftp-server
./opt/openssh/bin
./opt/openssh/bin/scp

./home
./home/sample

./dev
./dev/null
./dev/log

./var
./var/adm
./var/adm/openssh.log

--
?it is better to solve the right problem the wrong way than the wrong
problem the right way?
-- Doug McIlroy

[ reply ]
Fwd: sftp running in chroot env Feb 12 2010 05:53PM
Steve Szabo (steve g szabo gmail com)
Re: sftp running in chroot env Feb 12 2010 12:14PM
Jan Chadima (jchadima redhat com)


 

Privacy Statement
Copyright 2010, SecurityFocus