[Savannah-hackers] Re: possible fix for sftp on Savannah; please try

savannah-hackers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] Re: possible fix for sftp on Savannah; please try

From:	Mathieu Roy
Subject:	[Savannah-hackers] Re: possible fix for sftp on Savannah; please try
Date:	06 Oct 2003 14:27:48 +0200
User-agent:	Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Jonathan Walther <address@hidden> said:

> I am back from the farm now, and have turned my thoughts to the problems
> of chrooting sftp.

Hum, isn't it working since several weeks?
Several persons have tested and did not noticed any trouble.

There is still the problem of sftp that does not read it's (ssh's one)
configuration file, is it related to that?

 
> 
> You have the following in /usr/local/bin/cvssh:
> 
>  'X'*'sftp-server'*)
>   # Actually run it.
>   valid=yes
>   /usr/sbin/chroot /upload /usr/lib/sftp-server
>   ;;
> 
> I suggest you replace the chroot line with the following:
> 
>   exec /usr/local/bin/chroot-sftp
> 
> You will find chroot-sftp.c in ~djw; you can "make chroot-sftp" to make
> the binary, then copy it to /usr/local/bin.
> 
> I notice that when sftp aborts the connection, it says something about
> "file descriptor 4".  When the shell invokes chroot, it is not tying
> it's file descriptor 4 to that of the chroot process.  By using "exec",
> this should work.
> 
> In case you are interested, here is the source for chroot-sftp.c:
> 
> -------- chroot-sftp.c ---------
> 
> #include <unistd.h>
> 
> int
> main(int argc, char** argv)
> {
>         chroot("/upload");
>         execl("/usr/lib/sftp-server", "/usr/lib/sftp-server", NULL);
> }
> 
> -------- chroot-sftp.c ---------
> 
> If this doesn't fix sftp, then we need to try the following:
> 
> In /etc/ssh/sshd_config, change the line that reads:
> 
>   Subsystem sftp /usr/local/bin/cvssh
> 
> To read:
> 
>   Subsystem sftp /usr/local/bin/chroot-sftp
> 
> Please let me know how this works; I know you are busy, and if I can do
> anything at all to help you try this out faster, please let me know.
> 
> Sincerely,
> 
> Jonathan Walther
> Xouvert Project Coordinator
> 
> -- 
> 
>     It's not true unless it makes you laugh,
> but you don't understand it until it makes you weep.
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> 
>                      Geek House Productions, Ltd.
> 
>   Providing Unix & Internet Contracting and Consulting,
>   QA Testing, Technical Documentation, Systems Design & Implementation,
>   General Programming, E-commerce, Web & Mail Services since 1998
> 
> Phone:   604-435-1205
> Email:   address@hidden
> Webpage: http://reactor-core.org
> Address: 2459 E 41st Ave, Vancouver, BC  V5R2W2
> 
> 

-- 
Mathieu Roy
 
  Homepage:
    http://yeupou.coleumes.org
  Not a native english speaker: 
    http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-hackers] possible fix for sftp on Savannah; please try, Jonathan Walther, 2003/10/06
- [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Mathieu Roy <=
  - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Jonathan Walther, 2003/10/06
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Mathieu Roy, 2003/10/06
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Jonathan Walther, 2003/10/13
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Mathieu Roy, 2003/10/14
    - [Savannah-hackers] Re: possible fix for sftp on Savannah; please try, Andreas Schwab, 2003/10/14

Prev by Date: [Savannah-hackers] submission of RTPproxy - savannah.gnu.org
Next by Date: [Savannah-hackers] submission of Localization of mobile object - savannah.nongnu.org
Previous by thread: [Savannah-hackers] possible fix for sftp on Savannah; please try
Next by thread: [Savannah-hackers] Re: possible fix for sftp on Savannah; please try
Index(es):
- Date
- Thread