Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

problems with ChrootDirectory

from [Joseph Spenner] Network Security [Permanent Link]
Subject: problems with ChrootDirectory
Date: Wed, 9 Jul 2008 14:41:11 -0700 (PDT) 
I recently compiled/installed openssh version OpenSSH_5.0p1.  I'm trying to 
make use of the ChrootDirectory to restrict a particular user to only be able 
to use sftp and in their homedir.  From what I've read, I should be able to 
accomplish this by adding something like this to the sshd_config:

Match user jsmith
    ForceCommand internal-sftp
    ChrootDirectory /space/storage/jsmith

I created user jsmith, with his homedir being /space/storage/jsmith.

I restarted sshd.

When I try to connect as that user, the following is returned:

Connection to 10.2.2.135 closed by remote host.
Connection to 10.2.2.135 closed.

The sshd log has an entry:
Jul  9 21:31:12 happybox sshd[8741]: [ID 800047 local5.crit] fatal: bad 
ownership or modes for chroot directory "/space/storage/jsmith"

The permissions of /space/storage/jsmith seem ok:

drwxr-xr-x   3 jsmith   other        512 Jul  9 21:19 jsmith

The .ssh directory is 700, just like my other users (and myself) who can 
connect normal.

I thought maybe the "ForceCommand internal-sftp" was giving me problems, so I 
removed that from the sshd_config to see if I could simply make this user have 
a shell account chroot'd to his homedir.  But, the same error was returned.

If I remove the entries from the sshd_config file, the user can connect fine, 
but not chrooted.

Are there some specific permissions or entries in my sshd_config that I'm 
missing?
Any help would be great.

Thanks!
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Deliberately create slow SSH response?, Edmond Baroud
Next by Date:  Re: Deliberately create slow SSH response?, Ben Ford
Previous by Thread:  Deliberately create slow SSH response?, Zembower, Kevin
Next by Thread:  Re: problems with ChrootDirectory, Greg Wooledge
Indexes:  [Date] [Thread] [Top] [All Lists]