dropbear & rssh chroot
Matt Johnston
matt at ucc.asn.au
Thu Jul 27 13:35:47 WST 2006
On Thu, Jul 27, 2006 at 05:05:47PM +1200, Karl. wrote:
> OK. After the encouragement of being told it should work, I managed to
> find the problem while gathering the documentation for my "Why doesn't
> it work?" email :-)
>
> Here's the relevant info:
> syslog for openssh attempt shows:
> Jul 27 16:02:06 localhost rssh[5305]: chroot cmd line: /usr/lib/rssh/rssh_chroot_helper 2 "/usr/lib/openssh/sftp-server"
> ====
> syslog for dropbear attempt shows:
> Jul 27 16:03:54 localhost rssh[6017]: user lsa attempted to execute forbidden commands
> Jul 27 16:03:54 localhost rssh[6017]: command: /usr/lib/sftp-server
> I imagine I will need to recompile dropbear with the altered path - I
> have a faint recollection of reading something about Debian having
> changed some openssh paths as part of the packaging setup.
There's a SFTPSERVER_PATH setting in options.h that changes
this. Unfortunately the path seems to vary a fair bit
between systems. You might be able to work around the issue
by changing the symlink to a hardlink, and modifying rssh's
config file to allow the /usr/lib/sftp-server path.
Matt
More information about the Dropbear
mailing list