[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-hackers] possible fix for sftp on Savannah; please try

From: Jonathan Walther
Subject: [Savannah-hackers] possible fix for sftp on Savannah; please try
Date: Mon, 6 Oct 2003 04:24:35 -0700
User-agent: Mutt/1.5.4i

I am back from the farm now, and have turned my thoughts to the problems
of chrooting sftp.

You have the following in /usr/local/bin/cvssh:

 # Actually run it.
 /usr/sbin/chroot /upload /usr/lib/sftp-server

I suggest you replace the chroot line with the following:

 exec /usr/local/bin/chroot-sftp

You will find chroot-sftp.c in ~djw; you can "make chroot-sftp" to make
the binary, then copy it to /usr/local/bin.

I notice that when sftp aborts the connection, it says something about
"file descriptor 4".  When the shell invokes chroot, it is not tying
it's file descriptor 4 to that of the chroot process.  By using "exec",
this should work.

In case you are interested, here is the source for chroot-sftp.c:

-------- chroot-sftp.c ---------

#include <unistd.h>

main(int argc, char** argv)
       execl("/usr/lib/sftp-server", "/usr/lib/sftp-server", NULL);

-------- chroot-sftp.c ---------

If this doesn't fix sftp, then we need to try the following:

In /etc/ssh/sshd_config, change the line that reads:

 Subsystem sftp /usr/local/bin/cvssh

To read:

 Subsystem sftp /usr/local/bin/chroot-sftp

Please let me know how this works; I know you are busy, and if I can do
anything at all to help you try this out faster, please let me know.


Jonathan Walther
Xouvert Project Coordinator


It's not true unless it makes you laugh, but you don't understand it until it makes you weep.

                    Geek House Productions, Ltd.

 Providing Unix & Internet Contracting and Consulting,
 QA Testing, Technical Documentation, Systems Design & Implementation,
 General Programming, E-commerce, Web & Mail Services since 1998

Phone:   604-435-1205
Email:   address@hidden
Address: 2459 E 41st Ave, Vancouver, BC  V5R2W2

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]