[Savannah-hackers] possible fix for sftp on Savannah; please try

savannah-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] possible fix for sftp on Savannah; please try

From:	Jonathan Walther
Subject:	[Savannah-hackers] possible fix for sftp on Savannah; please try
Date:	Mon, 6 Oct 2003 04:24:35 -0700
User-agent:	Mutt/1.5.4i

I am back from the farm now, and have turned my thoughts to the problems
of chrooting sftp.

You have the following in /usr/local/bin/cvssh:

'X'*'sftp-server'*)
 # Actually run it.
 valid=yes
 /usr/sbin/chroot /upload /usr/lib/sftp-server
 ;;

I suggest you replace the chroot line with the following:

 exec /usr/local/bin/chroot-sftp

You will find chroot-sftp.c in ~djw; you can "make chroot-sftp" to make
the binary, then copy it to /usr/local/bin.

I notice that when sftp aborts the connection, it says something about
"file descriptor 4".  When the shell invokes chroot, it is not tying
it's file descriptor 4 to that of the chroot process.  By using "exec",
this should work.

In case you are interested, here is the source for chroot-sftp.c:

-------- chroot-sftp.c ---------

#include <unistd.h>

int
main(int argc, char** argv)
{
       chroot("/upload");
       execl("/usr/lib/sftp-server", "/usr/lib/sftp-server", NULL);
}

-------- chroot-sftp.c ---------

If this doesn't fix sftp, then we need to try the following:

In /etc/ssh/sshd_config, change the line that reads:

 Subsystem sftp /usr/local/bin/cvssh

To read:

 Subsystem sftp /usr/local/bin/chroot-sftp

Please let me know how this works; I know you are busy, and if I can do
anything at all to help you try this out faster, please let me know.

Sincerely,

Jonathan Walther
Xouvert Project Coordinator

--

It's not true unless it makes you laugh,but you don't understand it until it makes you weep.

   -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                    Geek House Productions, Ltd.

 Providing Unix & Internet Contracting and Consulting,
 QA Testing, Technical Documentation, Systems Design & Implementation,
 General Programming, E-commerce, Web & Mail Services since 1998

Phone:   604-435-1205
Email:   address@hidden
Webpage: http://reactor-core.org
Address: 2459 E 41st Ave, Vancouver, BC  V5R2W2

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-hackers] possible fix for sftp on Savannah; please try, Jonathan Walther <=
- [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Mathieu Roy, 2003/10/06
  - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Jonathan Walther, 2003/10/06
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Mathieu Roy, 2003/10/06
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Jonathan Walther, 2003/10/13
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Mathieu Roy, 2003/10/14
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Andreas Schwab, 2003/10/14

Prev by Date: [Savannah-hackers] Cron <address@hidden> make -s -C /subversions/savannah/dumps all
Next by Date: [Savannah-hackers] submission of RTPproxy - savannah.gnu.org
Previous by thread: [Savannah-hackers] Uploading files
Next by thread: [Savannah-hackers] Re: possible fix for sftp on Savannah; please try
Index(es):
- Date
- Thread