From: Baghele, Bipin (Bipin.Baghele@accretivecom.com)
Date: Fri Sep 08 2006 - 13:38:46 EDT
Hi All,
On our existing Solaris 10 server, I am looking to implement sftp with
chroot, so that users can be jailed to their home folder only. FTP works
well in chroot environment on this server. But sftp does not restrict to
chrooted home folder.
I searched on Google for same and find some references
[http://www.coding-zone.com/chroot+sftp-server.patch and
http://chrootssh.sourceforge.net <http://chrootssh.sourceforge.net/> ]
to use the code given and patch the source code of Openssh, but patching
did not work for me.
I tried to patch the Openssh 4.3p2 source code from openssh.org as given
on http://www.coding-zone.com/chroot+sftp-server.patch but patching
fails.
tnchftpup01 # patch -p 0 < ../openssh-chroot-patch
Looks like a unified context diff.
Hunk #1 succeeded at 15 (offset 7 lines)
Hunk #2 failed at line 1028.
1 out of 3 hunks failed: saving rejects to sftp-server.c.rej
done
The compilation for source code given at
http://chrootssh.sourceforge.net/ fails in make as
--------------------------------------------------
usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PIDDIR=\"/var/run\"
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H
-c sshconnect2.c
gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o
sshconnect1.o sshconnect2.o -L. -Lopenbsd-compat/ -lssh -lopenbsd-compat
-lresolv -lcrypto -lrt -lz -lsocket -lnsl
Undefined first referenced
symbol in file
EVP_aes_192_cbc ./libssh.a(cipher.o)
EVP_aes_256_cbc ./libssh.a(cipher.o)
ld: fatal: Symbol referencing errors. No output written to ssh
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `ssh'
--------------------------------------------
Anyone can provide some input on same and possibly how-to's. I would
prefer to use bult in ssh in solaris 10, if there is any way to
implement chroot sftp with it.
tnchftpup01 # uname -a
SunOS tnchftpup01 5.10 Generic_118833-20 sun4u sparc SUNW,Ultra-250
tnchftpup01 # ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:40:45 EDT