On Fri, Feb 06, 2009 at 12:13:22PM -0600, Robert Dailey wrote:
> Match user kenny
> X11Forwarding no
> AllowTcpForwarding no
> ForceCommand internal-sftp
> ChrootDirectory /mnt/kenny
>
> When I try to connect to the server using user 'kenny', it fails to allow me
> to connect as if ChrootDirectory is still taking control of handling chroot,

That's because it is... you need to shut that off. Anything sshd does
happens before rssh is involved, so if you tell sshd to chroot, it will,
and you'll be subject to all those same restrictions.

> What else can I do?

After you fix sshd, then you need to read all the documentation
regarding setting up a chroot jail with rssh. It's complicated, and
system-dependent, so you need to have a good understanding of how it
works before you will be successful.

Why doesn't rssh do this for you? It's because rssh works with your
sshd (which may be any version of OpenSSH, or even some other sshd).
OpenSSH's chroot functionality can take care of this all for you,
because it is doing it on behalf of itself... it knows exactly which of
its files and supporting programs it will need to copy into the jail.
Whereas rssh is working with an unspecified third-party SSH
implementation, all it can really do is guess, and there's a good chance
it will guess wrong. Not only that, but you may need additional files
or programs to meet your specific needs (e.g. you may or may not want
cvs binaries, rsync, etc.)... So it's crucial that the sysadmin
understands the process.

This is the same reason why I don't fold in updates that people send to
the example script I provide for setting up a chroot jail. The details
are platform-dependent, and also sshd-dependent. Changes people make
will almost certainly not work for other people with different
configurations... So, rather than trying to write (and maintain) code
that figures all that out, for every conceivable configuration of sshd,
it's left as an exercise for you, the system administrator. But I've
given you good docs to explain it -- it's up to you to read them.

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
_______________________________________________ rssh-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rssh-discuss
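Added example, not part of the original message and not rssh's or OpenSSH's own code: a small check an administrator could run over an sshd_config to list the directives discussed in the thread that sshd enforces itself before rssh is started. The function name and the sample config are constructed for illustration; treating a value of "none" as disabled is an assumption based on current OpenSSH.

```python
import re

# Directives named in the thread that sshd enforces itself, before the
# user's login shell (rssh here) is started.
PRE_SHELL = {"chrootdirectory", "forcecommand"}

# Constructed sample; the Match block is the one quoted in the thread.
SAMPLE = """\
# sshd_config (constructed)
Subsystem sftp internal-sftp
Match user kenny
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /mnt/kenny
"""


def pre_shell_directives(config_text):
    """Return (scope, keyword, value, line_no) for each PRE_SHELL directive.

    scope is "global" or the criteria line of the enclosing Match block.
    Hypothetical helper: it does not follow Include files.
    """
    scope = "global"
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd keywords are case-insensitive; the value follows whitespace or "=".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            scope = "Match " + value  # block runs until the next Match or EOF
            continue
        # Assumption: "none" switches the directive off, so it is not reported.
        if keyword in PRE_SHELL and value.lower() != "none":
            findings.append((scope, parts[0], value, line_no))
    return findings


if __name__ == "__main__":
    for scope, keyword, value, line_no in pre_shell_directives(SAMPLE):
        print(f"line {line_no}: [{scope}] {keyword} {value} is applied by sshd before rssh")
```

An empty result for a user's scope means sshd is leaving chroot and command restriction to the login shell, which is the state the reply asks for before setting up the rssh jail.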
