Secure Shell
sftp-server logging under chroot & privilege separation Mar 08 2010 05:53PM
kjh26 chrysler com (2 replies)
Re: sftp-server logging under chroot & privilege separation Mar 08 2010 10:07PM
Robert Hajime Lanning (robert lanning gmail com)
Re: sftp-server logging under chroot & privilege separation Mar 08 2010 07:24PM
Lars Nooden (lars curator gmail com) (1 replies)
On 2010-3-8 7:53 PM, kjh26 (at) chrysler (dot) com wrote:
> We are using OpenSSH 5.3p1.
>
> We are using this to host an SFTP drop-box. We have implemented chroot &
> privilege separation.
> ... Any ideas?

Assuming the chroot is done via sshd_config and not the old way, here
are some things to look at:

+ turn off the SUID root - there is a way around whatever it was using
sudoer,
+ check that you have created a socket named /dev/log in the chroot
hierarchy,
+ check that syslogd, syslog-ng, or what have you is using that socket,
+ check that the partition where the chroot directory resides is not
mounted with the nodev option.

"The ChrootDirectory must contain the necessary files
and directories to support the user's session ...
sessions which use logging do require /dev/log inside
the chroot directory"

http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config

"Use of sftp-server in a chroot configuration therefore
requires that syslogd(8) establish a logging socket
inside the chroot directory."

http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server

Is that on Solaris, AIX, BSD or Linux?

Regards,
/Lars
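
The checks listed in the reply above, as an added shell example that is not part of the original post or of OpenSSH. It assumes Linux (/proc/net/unix and /proc/mounts) and mount points without spaces; the function names and the /srv/sftp/jail path are hypothetical.

```shell
#!/bin/sh
# Added example. Usage after sourcing this file (path is constructed):
#   check_chroot_logging /srv/sftp/jail
# The table files are optional parameters so saved copies can be parsed.

# 1. Is <chroot>/dev/log a socket (not missing, not a regular file)?
has_log_socket() {
    [ -S "$1/dev/log" ]
}

# 2. Is a process bound to it? A stale socket file left on disk passes
#    check 1 but has no row in /proc/net/unix (path is the last column).
socket_is_bound() {      # socket_is_bound <chroot> [unix-table]
    awk -v p="$1/dev/log" '$NF == p { found = 1 } END { exit !found }' \
        "${2:-/proc/net/unix}"
}

# 3. Mount options of the filesystem holding <chroot>: the longest
#    mount point that is a prefix of the path wins.
mount_opts() {           # mount_opts <chroot> [mounts-table]
    awk -v p="$1" '
        BEGIN { best = 0 }
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }' "${2:-/proc/mounts}"
}

is_nodev() {             # is_nodev <chroot> [mounts-table]
    case ",$(mount_opts "$@")," in *,nodev,*) return 0 ;; esac
    return 1
}

check_chroot_logging() { # check_chroot_logging <chroot>
    rc=0
    has_log_socket "$1"  || { echo "FAIL: $1/dev/log is not a socket"; rc=1; }
    socket_is_bound "$1" || { echo "FAIL: nothing bound to $1/dev/log"; rc=1; }
    if is_nodev "$1"; then echo "WARN: $1 is on a nodev mount"; rc=1; fi
    if [ "$rc" -eq 0 ]; then echo "OK: $1"; fi
    return "$rc"
}
```

A socket file that exists but fails the second check usually means the syslog daemon was restarted without being told about the extra socket.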

Re: sftp-server logging under chroot & privilege separation Mar 08 2010 11:29PM
kjh26 chrysler com
Copyright 2010, SecurityFocus