Re: [Jailkit-users] Sftp users are not able to chroot with Jailkit setup

From: Olivier Sessink
Date: Sat, 25 Jun 2011 09:57:34 +0200
On 06/25/2011 08:52 AM, Seshan, Vinod K. (CONT) wrote:
In our environment we are not using OpenSSH; we are using SSH Tectia
6.1.7 build 139 (server as well as client).

We have removed OpenSSH from this server and are using Tectia SSH instead.

When a chrooted user configured with jailkit logs in to the server using ssh,
the user is logged into the correct jail and the jailed user cannot go to
other directories outside the jail. But if the chrooted user sftps to the
server, the user is not chrooted and the user can cd to any other directory
on the server.

It seems that in the Tectia ssh server, the "chroot" system call can only be
made as root and the sftp-server is run as a subsystem request by a user
inside the ssh session. Is it because of this that the sftp login is not able
to enter the jail, while using ssh we are able to enter the jail? If this is
the case, then what is the solution for chroot users who sftp to the server?

I guess that the Tectia ssh server starts the sftp subsystem directly, without the user's shell. OpenSSH starts the sftp subsystem with the user's shell. So if that shell is jk_chrootsh, the sftp subsystem will start within the jail. You might want to ask Tectia if you can configure their server to start sftp with the user's shell.
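An added example, not part of the original message or of Jailkit itself: a passwd audit that lists the accounts whose confinement depends entirely on jk_chrootsh being run as the login shell, which are the accounts left unjailed over sftp if the SSH server starts the subsystem without that shell. The function name `audit_jail_users`, the sample entries and the `/usr/sbin/jk_chrootsh` path are assumptions for illustration; the `<jail>/./<home>` home-directory form is the Jailkit convention for jailed accounts.

```shell
#!/bin/sh
# Added example: find accounts that are only jailed when their login shell runs.
# Assumption: jailed accounts use the Jailkit "<jail>/./<home>" home field.

# Constructed sample input in passwd(5) format; use /etc/passwd on a real host.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/jail/./home/alice:/usr/sbin/jk_chrootsh
bob:x:1002:1002::/home/bob:/usr/sbin/jk_chrootsh
carol:x:1003:1003::/home/carol:/bin/bash'

# audit_jail_users (hypothetical helper): reads passwd lines on stdin and
# prints one line per account whose shell is jk_chrootsh.
audit_jail_users() {
    awk -F: '
        # Field 7 is the login shell; match jk_chrootsh at any install path.
        $7 ~ /(^|\/)jk_chrootsh$/ {
            # Field 6 is the home directory; "/./" separates jail root from
            # the home directory as seen from inside the jail.
            i = index($6, "/./")
            if (i > 0) {
                printf "%s JAILED jail=%s home=%s\n", $1, substr($6, 1, i - 1), substr($6, i + 2)
            } else {
                # Shell is jk_chrootsh but the home field names no jail root.
                printf "%s NO_JAIL_MARKER home=%s\n", $1, $6
            }
        }'
}

printf '%s\n' "$SAMPLE_PASSWD" | audit_jail_users
```

Every account reported as JAILED should then be tested over sftp against the server in use, since the passwd entry alone says nothing about whether the subsystem is launched through the shell.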


