Hello community,

I have run a shell script to chroot SSH; this way users will not be able to browse directories and files outside of the jail. The script can be found at:
http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/

As indicated in:
http://www.howtoforge.org/chroot_ssh_sftp_fedora7_p2

After installation I am able to successfully ssh to my Fedora box from a remote XP host using PuTTY. Good! Chrooted ssh is working, but that is not the case for SFTP and SCP. Using the same process with WinSCP results in failure. Going through the logs I found the following:

Jan 28 23:41:15 localhost sshd[5454]: Accepted password for testuser from 10.10.10.51 port 4385 ssh2
Jan 28 23:41:15 localhost sshd[5454]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Jan 28 23:41:15 localhost sshd[5456]: subsystem request for sftp
Jan 28 23:41:15 localhost sudo: testuser : sorry, you must have a tty to run sudo ; TTY=unknown ; PWD=/home/chroot/home/testuser ; USER=root ; COMMAND=/usr/sbin/chroot /home/chroot /bin/su - testuser -c /usr/libexec/openssh/sftp-server
Jan 28 23:41:15 localhost sshd[5454]: pam_unix(sshd:session): session closed for user testuser

I cat my sudoers file and I find an entry for this user at the end of the file:

testuser ALL=NOPASSWD: /usr/sbin/chroot, /bin/su - testuser

I cannot figure it out though. I lack knowledge of editing this file. Any help or suggestion will be appreciated.

Thank you
Angelito

Fixed! Thank you falko, got it to work! (using the script)

As a reference I want to say that I found out that OpenSSH finally has native support for isolating users to their home directories when using sftp. Reference links:
http://www.zdnetasia.com/techguide/opensource/0,39044899,62043704,00.htm
http://it.toolbox.com/blogs/unix-sysadmin/more-openssh-fun-easy-chrooting-sftpscp-connections-28473

I hope this will be a good reference for people searching with the same sleepless drama I was going through.

Angel/ ito / Naco
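
Added example (not part of the original posts, and not the script the thread uses): the native OpenSSH chroot mentioned above is configured with the sshd_config directives shown in the comments, and sshd rejects the session unless every component of the ChrootDirectory path is root-owned and not group- or world-writable. The function names are hypothetical; testuser and /home/chroot are reused from the thread as sample values, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Native OpenSSH SFTP chroot is set up
# with these sshd_config directives (user and path reuse the thread's values
# as samples):
#
#   Subsystem sftp internal-sftp
#   Match User testuser
#       ChrootDirectory /home/chroot
#       ForceCommand internal-sftp
#
# sshd refuses the session unless every component of the ChrootDirectory
# path is a directory owned by root and not writable by group or others.

# component_ok DIR [UID]: DIR is a directory owned by UID (default 0) with
# no group/other write bit. UID is a parameter only so the check can be
# exercised without root. Uses GNU stat, as shipped on Fedora.
component_ok() {
    c_dir=$1
    c_want=${2:-0}
    [ -d "$c_dir" ] || return 1
    c_info=$(stat -L -c '%u %a' "$c_dir") || return 1
    [ "${c_info% *}" = "$c_want" ] || return 1
    [ $(( 0${c_info#* } & 022 )) -eq 0 ]
}

# chroot_path_ok PATH [UID]: apply component_ok to / and each component.
chroot_path_ok() {
    p_rest=$1
    p_uid=${2:-0}
    case $p_rest in /*) ;; *) echo "not absolute: $p_rest" >&2; return 2 ;; esac
    p_cur=
    component_ok / "$p_uid" || { echo "bad ownership or modes: /" >&2; return 1; }
    while [ -n "$p_rest" ]; do
        p_rest=${p_rest#/}
        p_part=${p_rest%%/*}
        p_rest=${p_rest#"$p_part"}
        [ -n "$p_part" ] || continue
        p_cur=$p_cur/$p_part
        component_ok "$p_cur" "$p_uid" ||
            { echo "bad ownership or modes: $p_cur" >&2; return 1; }
    done
}

# Stand-alone use: sh check.sh /home/chroot
if [ $# -gt 0 ]; then chroot_path_ok "$@"; fi
```

Run it as root against the intended ChrootDirectory before restarting sshd; a non-zero exit names the first component that would make sshd drop the SFTP session.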