Running 'ssh' and 'scp' from a chroot jail (sandbox)

Scheidel, Greg (Contractor) Greg.Scheidel at ed.gov
Tue Apr 10 02:53:58 EST 2001


I have a need to have users SSH into a server where they are limited to a
chroot jail (sandbox).  Once they are there, they need to be able to execute
'ssh' and 'scp' to other systems.

I've no problem setting up the basic chroot jail and providing basic
functionality (ls, cat, less, etc).  The part that is stopping me is setting
it up so that that user can then 'ssh' and 'scp' out.

Actually I've got it (nearly) working based on ldd and strace testing, but it
seems somewhat kludgy:
- Requires links from the chroot jail /etc to non-chroot'd /etc/tty and
/etc/urandom (bad idea for a chroot jail?)
- 'ssh' from the chroot jailed user sees the user's home directory as the
full non-chroot'd path
- 'scp' into the chroot jailed user home directory fails with 'Permission
denied.', despite the home directory being 777, the correct password being
used, and 'ssh' into the chroot jailed user working fine

What are the bare bones requirements for enabling these binaries within the
chroot jail?  Any assistance on what I am missing here would be appreciated.

Greg S.


PS - Apologies if this is not the proper list for a question of this nature;
it seemed the most appropriate.  If it isn't, please just let me know.
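
The ldd-based dependency check the post mentions, sketched as an added example that is not part of the original message: it lists the files a binary needs that are absent under a jail root, and flags jail entries whose hard-link count is above one, since those may share an inode with a file outside the jail. The function names and the jail-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a chroot jail for one binary.
# Function names and the jail-root argument are hypothetical.
# Run ldd only on binaries you trust: some ldd implementations execute the target.

# Print the absolute paths of the shared objects ldd reports for binary $1.
jail_deps() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # libx.so => /lib/libx.so (0x..)
        $1 ~ /^\//               { print $1 }        # /lib/ld-linux.so.2 (0x..)
    ' | sort -u
}

# Print binary $2 and each of its dependencies that is missing under jail root $1.
jail_missing() {
    jail=$1
    bin=$2
    for f in "$bin" $(jail_deps "$bin"); do
        [ -e "$jail$f" ] || echo "$f"
    done
}

# Copy whatever jail_missing reports into the jail, keeping the directory layout.
# cp -L copies the file a symlink points to, so the jail holds real files.
jail_populate() {
    jail=$1
    bin=$2
    jail_missing "$jail" "$bin" | while read -r f; do
        mkdir -p "$jail$(dirname "$f")" && cp -L "$f" "$jail$f"
    done
}

# List non-directory entries under jail root $1 with more than one hard link.
# Such an entry may be the same inode as a file outside the jail.
jail_shared_inodes() {
    find "$1" ! -type d -links +1 -print
}

# Stand-alone use: sh jailcheck.sh /path/to/jail /path/to/binary
if [ "$#" -eq 2 ]; then
    jail_missing "$1" "$2"
    jail_shared_inodes "$1"
fi
```

This covers only the files ldd can see; anything the binary opens at run time (the strace side of the testing described in the post) has to be checked separately.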