PDA

View Full Version : SSH Chroot Problems


sinjab
13th June 2007, 16:36
Hi,

I have successfully chrooted SSH with ISPConfig. Users see there home directory as root using PuTTY and WinSCP (SCP mode). The problem is that users can't transfer files up nor down. WinSCP gives this error:


Cannot execute SCP to start transfer. Please make sure that SCP is installed on the server and path to it is included in PATH. You may also try SFTP instead of SCP.
Command failed with return code 127.


WinSCP (SFTP mode) doesn't work at all and gives this error:


Connection has been unexpectedly closed. Server sent command exit status 1.


However, FTP works fine.

WinSCP (SCP mode) also gives this error at startup:


Command 'groups'
failed with return code 1 and error message
id: cannot find name for group ID 10001.


How can I fix these problems?

Thanks

falko
14th June 2007, 22:34
Please put the scp command into the chroot jail.

sinjab
15th June 2007, 06:57
I have done that:


cp /usr/bin/scp /var/www/web1/usr/bin


The error is still there with different return code.


Cannot execute SCP to start transfer. Please make sure that SCP is installed on the server and path to it is included in PATH. You may also try SFTP instead of SCP.
Command failed with return code 1.


I also tried adding /usr/bin/scp to APPS in create_chroot_env.sh and running:


/root/ispconfig/scripts/shell/create_chroot_env.sh web1_admin


It gave me some mkdir errors because directories already exist but it copied /usr/bin/scp to /var/www/web1/usr/bin. However, the same error is still there.

falko
16th June 2007, 14:35
What's the exact error message if you go to the chroot jail and start an scp command on the command line?

sinjab
16th June 2007, 20:33
The the error message of scp is:


Couldn't open /dev/null: No such file or directory


I have created /var/www/web1/dev and copied /dev/null to it. WinSCP (all modes) works!

Thanks

sinjab
16th June 2007, 21:18
For error:


Command 'groups'
failed with return code 1 and error message
id: cannot find name for group ID 10001.


I have added this to /var/www/web1/etc/group:


web1:x:10001:web1_admin


and the error is resolved.

till
17th June 2007, 14:21
ISPConfig adds this line in the groups file normally automatically, maybe you executed the chrooting script manually so it gets not added?

edwintenhaaf
24th August 2007, 10:23
Hello,

I'm havind the same problems using the ssh chroot functions
in the users /etc/group file you can only see one line with the Root user. Adding the line manualy like Sinjab say's solves the problem for a while but when editing is ispconfig and saving the config it overwrites the group file.

I have followed the ssh chroot tutorial. In the ispconfig file chrootUsers is set form 0 to 1

Using debian etch 4.0 and the previous version of ispconfig (not the one released on 23 august)

Any ideas ?