sftp with chroot

From: Baghele, Bipin (Bipin.Baghele@accretivecom.com)
Date: Fri Sep 08 2006 - 13:38:46 EDT


Hi All,

On our existing Solaris 10 server, I am looking to implement sftp with
chroot, so that users can be jailed to their home folder only. FTP works
well in a chroot environment on this server, but sftp does not restrict
users to the chrooted home folder.

I searched on Google for the same and found some references
[http://www.coding-zone.com/chroot+sftp-server.patch and
http://chrootssh.sourceforge.net ]
to use the code given and patch the source code of OpenSSH, but patching
did not work for me.

I tried to patch the OpenSSH 4.3p2 source code from openssh.org as given
on http://www.coding-zone.com/chroot+sftp-server.patch but patching
fails.

tnchftpup01 # patch -p 0 < ../openssh-chroot-patch
  Looks like a unified context diff.
Hunk #1 succeeded at 15 (offset 7 lines)
Hunk #2 failed at line 1028.
1 out of 3 hunks failed: saving rejects to sftp-server.c.rej
done

The compilation of the source code given at
http://chrootssh.sourceforge.net/ fails in make as follows:
--------------------------------------------------
usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PIDDIR=\"/var/run\"
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DSSH_RAND_HELPER=\"/usr/local/libexec/ssh-rand-helper\" -DHAVE_CONFIG_H
-c sshconnect2.c

gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o
sshconnect1.o sshconnect2.o -L. -Lopenbsd-compat/ -lssh -lopenbsd-compat
-lresolv -lcrypto -lrt -lz -lsocket -lnsl

Undefined                       first referenced
 symbol                             in file
EVP_aes_192_cbc                     ./libssh.a(cipher.o)
EVP_aes_256_cbc                     ./libssh.a(cipher.o)
ld: fatal: Symbol referencing errors. No output written to ssh
collect2: ld returned 1 exit status
*** Error code 1
make: Fatal error: Command failed for target `ssh'
--------------------------------------------

Can anyone provide some input on the same, and possibly how-tos? I would
prefer to use the built-in ssh in Solaris 10, if there is any way to
implement chroot sftp with it.

tnchftpup01 # uname -a
SunOS tnchftpup01 5.10 Generic_118833-20 sun4u sparc SUNW,Ultra-250

tnchftpup01 # ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers


