This is the mail archive of the cygwin mailing list for the Cygwin project.



Chrooted OpenSSH for Windows (rssh sftp cygwin)


I've been trying to implement an sftp server using OpenSSH for Windows
(http://sshwindows.sourceforge.net).  I haven't found much recent discussion
on the topic of running OpenSSH in a chrooted jail on cygwin, but the
following messages from a year ago have shed some light on the topic:

http://archive.erdelynet.com/ssh-l/2003-10/msg00057.php

http://www.cygwin.com/ml/cygwin/2003-08/msg00738.html

http://cygwin.com/ml/cygwin/2003-07/msg01500.html

I almost have the system running on Windows 2000 Server.  Using the ssh
server without chroot is fine.  However, when I try to connect using the
chrooted sftp shell it automatically disconnects the user.  Using WinSCP3 to
connect returns a cryptic error code 127 and a command line sftp just dies
silently with no explanation.

Here's my current login shell script for users:

#!/bin/sh
#echo Parameters: "$@" >> /home/sshlogin.log
if [ "$*" != "-c /usr/sbin/sftp-server" ]; then
   echo "Sorry, sftp only!"
   exit 1
fi

#without chroot works!
exec /bin/sh -i "$@"

#with chroot no such luck
#chroot /cygdrive/c/StudentsShare exec /bin/sh -i "$@"


I'm assuming part of the problem may be the required files for the /bin/sh
call are not inside the chroot jail /cygdrive/c/StudentsShare.  If this is
the case, I would like to know if anyone could let me know what files should
be included.  At first I got Cygwin dll errors stating that cyg*.* could not
be found. They stopped once I moved the files into the jail and/or fixed
environment path variables.

I have two log files using sshd -d -d -d for high debug output.  They can be
found here:

Chrooted log:
http://john.isosceles7.com/files/login_chroot.txt

Un Chrooted log:
http://john.isosceles7.com/files/login_nochroot.txt

The debug is cryptic, but I think the error in the chroot is around line
116.  Here's an excerpt of this piece:


Chrooted log (lines 112-126):

subsystem request for sftp
debug1: subsystem: exec() /usr/sbin/sftp-server
debug2: fd 10 setting O_NONBLOCK
debug2: fd 9 setting O_NONBLOCK
debug2: channel 0: read<=0 rfd 10 len 0
debug1: Received SIGCHLD.
debug2: channel 0: read failed
debug2: channel 0: close_read
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug2: channel 0: input drain -> closed
debug2: notify_done: reading
debug1: session_by_pid: pid 1364
debug1: session_exit_message: session 0 channel 0 pid 1364

Un Chrooted log (lines 112-126):

subsystem request for sftp
debug1: subsystem: exec() /usr/sbin/sftp-server
debug2: fd 10 setting O_NONBLOCK
debug2: fd 9 setting O_NONBLOCK
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 1368
debug1: session_exit_message: session 0 channel 0 pid 1368
debug2: channel 0: request exit-status
debug1: session_exit_message: release channel 0
debug1: session_close: session 0 pid 1368


Any help on my problem would be appreciated!  Of course if any other
background information is helpful I will gladly contribute!


... An additional note:  The new cygwin dll 1.5.12-1 source includes
wordexp.h which was a problem that prohibited using rssh
(http://www.pizzashack.org) instead of chrooting openssh.  Does anyone know
how this will affect rssh?



Thanks,

John M Lauck
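
Added example, not part of the original message: a preflight check for the command line handed to chroot in the wrapper above. chroot(1) runs a program file resolved inside the new root, and 127 is the conventional "command not found" exit status, so the check reports any command word or absolute-path argument that is not an executable file under the jail. The function names are hypothetical, and it checks presence and execute permission only, not DLL dependencies.

```shell
#!/bin/sh
# Added example (not from the original post): preflight for a chroot command line.
# chroot(1) executes a program file looked up inside the new root; shell
# builtins such as `exec` are not files, so they cannot be resolved there.

# resolve_in_jail JAIL WORD
# Print the in-jail path that WORD would resolve to; return 1 if there is none.
resolve_in_jail() {
    case $2 in
        */*)  # contains a slash: used as a path, no PATH search
            [ -f "$1/$2" ] && [ -x "$1/$2" ] && { echo "$2"; return 0; }
            return 1 ;;
    esac
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        if [ -f "$1$dir/$2" ] && [ -x "$1$dir/$2" ]; then
            IFS=$old_ifs; echo "$dir/$2"; return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# jail_preflight JAIL CMD [ARG...]
# One line per problem on stdout; returns 0 when the command line is runnable.
jail_preflight() {
    jail=$1; shift
    problems=0
    if ! resolve_in_jail "$jail" "$1" >/dev/null; then
        echo "not-found-in-jail: $1"
        problems=1
    fi
    shift
    for arg in "$@"; do
        case $arg in
            /*) [ -x "$jail$arg" ] || { echo "missing-in-jail: $arg"; problems=1; } ;;
        esac
    done
    return $problems
}

# Usage with the post's jail and command line:
#   jail_preflight /cygdrive/c/StudentsShare exec /bin/sh -i -c /usr/sbin/sftp-server
```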


