Mail Archives: cygwin/2004/11/26/19:45:55

To: cygwin AT cygwin DOT com
From: "John M. L." <john AT recaffeinated DOT com>
Subject: Chrooted OpenSSH for Windows (rssh sftp cygwin)
Date: Fri, 26 Nov 2004 19:45:37 -0500
Lines: 105
Message-ID: <BDCD3861.3BCF%john@recaffeinated.com>

I've been trying to implement an sftp server using OpenSSH for Windows
(http://sshwindows.sourceforge.net).  I haven't found much recent discussion
on the topic of running OpenSSH in a chrooted jail on cygwin, but the
following messages from a year ago have shed some light on the topic:

http://archive.erdelynet.com/ssh-l/2003-10/msg00057.php

http://www.cygwin.com/ml/cygwin/2003-08/msg00738.html

http://cygwin.com/ml/cygwin/2003-07/msg01500.html

I almost have the system running on Windows 2000 Server.  Using the ssh
server without chroot is fine.  However, when I try to connect using the
chrooted sftp shell it automatically disconnects the user.  Using WinSCP3 to
connect returns a cryptic error code 127 and a command line sftp just dies
silently with no explanation.

Here's my current login shell script for users:

#!/bin/sh
#echo Parameters: "$@" >> /home/sshlogin.log
if [ "$*" != "-c /usr/sbin/sftp-server" ]; then
   echo "Sorry, sftp only!"
   exit 1
fi

#without chroot works!
exec /bin/sh -i "$@"

#with chroot no such luck
#chroot /cygdrive/c/StudentsShare exec /bin/sh -i "$@"


I'm assuming part of the problem may be the required files for the /bin/sh
call are not inside the chroot jail /cygdrive/c/StudentsShare.  If this is
the case, I would like to know if anyone could let me know what files should
be included.  At first I got Cygwin dll errors stating that cyg*.* could not
be found. They stopped once I moved the files into the jail and/or fixed
environment path variables.

I have two log files using sshd -d -d -d for high debug output.  They can be
found here:

Chrooted log:
http://john.isosceles7.com/files/login_chroot.txt

Un Chrooted log
http://john.isosceles7.com/files/login_nochroot.txt

The debug is cryptic, but I think the error in the chroot is around line
116.  Here's an excerpt of this piece:


Chrooted log (lines 112-126):

subsystem request for sftp
debug1: subsystem: exec() /usr/sbin/sftp-server
debug2: fd 10 setting O_NONBLOCK
debug2: fd 9 setting O_NONBLOCK
debug2: channel 0: read<=0 rfd 10 len 0
debug1: Received SIGCHLD.
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug2: notify_done: reading
debug1: session_by_pid: pid 1364
debug1: session_exit_message: session 0 channel 0 pid 1364

Un Chrooted log (lines 112-126):

subsystem request for sftp
debug1: subsystem: exec() /usr/sbin/sftp-server
debug2: fd 10 setting O_NONBLOCK
debug2: fd 9 setting O_NONBLOCK
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 1368
debug1: session_exit_message: session 0 channel 0 pid 1368
debug2: channel 0: request exit-status
debug1: session_exit_message: release channel 0
debug1: session_close: session 0 pid 1368


Any help on my problem would be appreciated!  Of course if any other
background information is helpful I will gladly contribute!


... An additional note:  The new cygwin dll 1.5.12-1 source includes
wordexp.h which was a problem that prohibited using rssh
(http://www.pizzashack.org) instead of chrooting openssh.  Does anyone know
how this will affect rssh?



Thanks,

John M Lauck
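
The following is an added example, not part of the original post: a preflight check that a chroot jail holds the programs the login script and sshd will run (/bin/sh and /usr/sbin/sftp-server, both taken from the post), logging what is missing instead of silently dropping the session. The function names jail_missing and enter_jail are hypothetical; 127 is the status a POSIX shell reports when a command cannot be found.

```sh
#!/bin/sh
# Added example: preflight for a chroot jail before handing the session to it.
# The program list (/bin/sh, /usr/sbin/sftp-server) is taken from the post;
# the function names are hypothetical.

# jail_missing JAIL PATH...
# Prints every PATH (as seen from inside the jail) that is not an
# executable regular file under JAIL. Returns 0 only if nothing is missing.
jail_missing() {
    jail=${1%/}; shift
    missing=0
    for p in "$@"; do
        case $p in
            /*) ;;                       # must be absolute inside the jail
            *)  echo "not absolute: $p"; missing=1; continue ;;
        esac
        if [ ! -f "$jail$p" ] || [ ! -x "$jail$p" ]; then
            echo "$p"
            missing=1
        fi
    done
    return $missing
}

# enter_jail JAIL ARGS...
# Refuses to chroot when the jail is incomplete and says why on stderr,
# so the failure shows up in the server log rather than as a bare disconnect.
enter_jail() {
    jail=$1; shift
    if ! lost=$(jail_missing "$jail" /bin/sh /usr/sbin/sftp-server); then
        echo "jail $jail incomplete: $lost" >&2
        return 127   # same status a shell uses for "command not found"
    fi
    # chroot runs a program file located inside the jail: the argument after
    # the directory must be such a path, not a shell builtin.
    exec chroot "$jail" /bin/sh "$@"
}
```

Shared libraries the programs load (on Cygwin, the cyg*.dll files mentioned in the post) can be checked the same way by passing their in-jail paths to jail_missing.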


