Secure Shell
sftp running in chroot env Feb 11 2010 04:13PM
Steve Szabo (steve g szabo gmail com) (2 replies)
Fwd: sftp running in chroot env Feb 12 2010 05:53PM
Steve Szabo (steve g szabo gmail com)
Re: sftp running in chroot env Feb 12 2010 12:14PM
Jan Chadima (jchadima redhat com)

A not 100% solution is:
https://bugzilla.mindrot.org/show_bug.cgi?id=1636
The log stops working when the syslog daemon is reloaded :(

JFCh

----- "Steve Szabo" <steve.g.szabo (at) gmail (dot) com> wrote:

> I've configured sftp to run in a chroot env, which seems to work;
> however, I am unable to get syslog to log the sftp activities within
> the chroot.
>
>
> If I connect via sftp to a non-chroot env the daemon will log the
> transactions as expected:
>
> i.e.
>
> Feb 11 10:35:20 XXXXXXXXXX sftp-server[11797]: [ID 800047 auth.info]
> open "/home/someguy/test/file" flags READ mode 0666
>
>
>
> I also need the activities to be logged from within the chroot - can
> someone please give me some pointers?
>
>
>
> Here is my config running under Solaris 10:
>
>
>
>
> syslog.conf:
> auth.debug /var/adm/openssh.log
>
>
> sshd_config:
> SyslogFacility AUTH
> LogLevel DEBUG
> Subsystem sftp /opt/openssh/libexec/sftp-server -l DEBUG
>
> Match User sample
> ChrootDirectory /home/chroot
>
>
>
> chroot env:
>
> /home/chroot:
>
> ./usr
> ./usr/sfw
> ./usr/sfw/lib
> ./usr/sfw/lib/libcrypto.so.0.9.7
> ./usr/sfw/lib/libcrypto_extra.so.0.9.7
> ./usr/bin
> ./usr/bin/ls
> ./usr/lib
> ./usr/lib/nss_files.so.1
> ./usr/lib/libz.so.1
> ./usr/lib/ld.so.1
>
> ./bin
> ./bin/bash
>
> ./etc
> ./etc/group
> ./etc/passwd
>
> ./lib
> ./lib/libsec.so.1
> ./lib/libc.so.1
> ./lib/libresolv.so.2
> ./lib/libmd.so.1
> ./lib/libmp.so.2
> ./lib/libdoor.so.1
> ./lib/libcurses.so.1
> ./lib/libnsl.so.1
> ./lib/librt.so.1
> ./lib/libdl.so.1
> ./lib/libm.so.2
> ./lib/libaio.so.1
> ./lib/libscf.so.1
> ./lib/libgen.so.1
> ./lib/libuutil.so.1
> ./lib/libavl.so.1
> ./lib/libsocket.so.1
>
> ./opt
> ./opt/openssh
> ./opt/openssh/libexec
> ./opt/openssh/libexec/sftp-server
> ./opt/openssh/bin
> ./opt/openssh/bin/scp
>
> ./home
> ./home/sample
>
> ./dev
> ./dev/null
> ./dev/log
>
> ./var
> ./var/adm
> ./var/adm/openssh.log
>
>
>
>
>
>
>
> --
> “it is better to solve the right problem the wrong way than the wrong
> problem the right way”
> -- Doug McIlroy

--
JFCh
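
Added example, not part of the original thread: a small parser for the sftp-server `open` audit lines in the format quoted above, useful for checking which sessions actually produce file-access records once logging works. Only the first sample line comes from the thread; the other lines, the function names and the field names are assumptions made for illustration.

```python
import re

# Constructed sample input. The first line is the one quoted in the thread
# (wrapped there by the mail client); the rest are made up in the same format.
SAMPLE_LOG = '''\
Feb 11 10:35:20 XXXXXXXXXX sftp-server[11797]: [ID 800047 auth.info] open "/home/someguy/test/file" flags READ mode 0666
Feb 11 10:36:02 XXXXXXXXXX sftp-server[11797]: [ID 800047 auth.info] open "/home/someguy/test/new file" flags WRITE,CREATE,TRUNCATE mode 0644
Feb 11 10:36:05 XXXXXXXXXX sshd[11790]: [ID 800047 auth.info] unrelated sshd message
Feb 11 10:36:09 XXXXXXXXXX sftp-server[11797]: open "/tmp/x" flags READ mode 0666
'''

# Solaris syslogd inserts "[ID <msgid> <facility>.<level>]" before the message;
# the group is optional so lines from other syslog daemons parse as well.
OPEN_EVENT = re.compile(
    r'^(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) '
    r'sftp-server\[(?P<pid>\d+)\]: '
    r'(?:\[ID \d+ (?P<facility>\w+)\.(?P<level>\w+)\] )?'
    r'open "(?P<path>.*)" flags (?P<flags>[A-Z,]+) mode (?P<mode>[0-7]+)$'
)

def parse_open_event(line):
    """Return a dict for an sftp-server 'open' line, or None for anything else."""
    m = OPEN_EVENT.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    event["pid"] = int(event["pid"])
    event["flags"] = event["flags"].split(",")
    event["mode"] = int(event["mode"], 8)  # mode is logged in octal
    return event

def parse_log(text):
    """Parse every line of a log excerpt, skipping lines that are not open events."""
    events = (parse_open_event(line) for line in text.splitlines())
    return [e for e in events if e is not None]

def written_paths(events):
    """Paths that were opened for writing."""
    return [e["path"] for e in events if "WRITE" in e["flags"]]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["timestamp"], e["pid"], ",".join(e["flags"]), e["path"])
```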

Copyright 2010, SecurityFocus