Running OpenSSH in a chroot without mounted proc on Linux

Mitar mmitar at gmail.com
Mon May 18 03:15:28 EST 2009


Hi!

I have tried to use the PAM chroot module to chroot a user into his home
directory after login. The problem is that it fails because "openpty
returns device for which ttyname fails". The fix would probably be
very similar to:

https://bugzilla.mindrot.org/attachment.cgi?id=1415&action=diff

So why is OpenSSH using ttyname, which does not work without proc on
a newer glibc (it tries to translate a proc entry)? Why not use
openpty directly, as there is an argument for that?

And about that patch - is it really OK? How big a name buffer does
openpty require? Is 64 really enough? Shouldn't it be of PATH_MAX
(+1) size?

I know that OpenSSH supports chrooting from version 4.9 on, but I would
like to set this up through PAM so that other programs also chroot in the
same manner.

(I have been testing on Debian 5.0, stable, but as I see this code is
the same in the official version.)


Mitar

