Date: Thu, 20 Jan 2011 09:45:03 +0000
From: krad <kraduk@gmail.com>
To: Ibrahim Harrani <ibrahim.harrani@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: chrooted ssh user and /dev/tty permission denied
Message-ID: <AANLkTikJdhVVOiwLLm7Cu8Dj7Jt_D51CDTwj=fzVMBU6@mail.gmail.com>
In-Reply-To: <AANLkTi=HBmetS%2B8bHSwyXJ4h5OnYXfRYdknGZ5u6j%2BS%2B@mail.gmail.com>
References: <AANLkTi=HBmetS%2B8bHSwyXJ4h5OnYXfRYdknGZ5u6j%2BS%2B@mail.gmail.com>
On 20 January 2011 09:06, Ibrahim Harrani <ibrahim.harrani@gmail.com> wrote:
> Hi,
>
> I have a problem with making remote ssh connection in chroot env.
>
> I configured chroot in sshd_config on FreeBSD 8.1 like following.
>
> Match user myuser
>         ChrootDirectory /opt/root/myuser
>         X11Forwarding no
>         AllowTcpForwarding no
>         RSAAuthentication yes
>         PubkeyAuthentication yes
>
> and configured fstab like following.
>
> devfs          /opt/root/myuser/dev       devfs   rw      0       0
>
> and rc.conf
> devfs_set_rulesets="/opt/root/myuser/dev=devfsrules_jail
>
> I copied all binaries and libs (such as ssh,ls,pwd,ftp,scp) also.
>
> I can make ssh connection with this user to chroot environment successfully.
> When I tried to make a ssh/scp/sftp connection to remote box in chroot. I got
>
> "cannot open /dev/tty: permission denied" message.
>
> The permission of /dev/tty is following on chroot's /dev directory
>
> crw--w----  1 root  tty    0,  88 Jan 20 11:02 /dev/tty
>
> I tried to change permission as root from out of the chroot by chmod,
> the permission never change.
>
> What should I do to make a remote ssh conn inside of the chroot env?
>
> Thanks.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

Just as a matter of interest, why are you using ssh chroot rather than a
full jail? You might have more success with a real jail. If there are IP
limitations, bind it to a loopback address, then forward on the ssh
connections from a non-standard port on the public interface, e.g. port 2222.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTikJdhVVOiwLLm7Cu8Dj7Jt_D51CDTwj=fzVMBU6>
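
The layout the reply suggests, as an added configuration example (not from either poster or from the FreeBSD project): a jail bound to an address on a cloned loopback interface, with pf forwarding public port 2222 to the jail's sshd. The jail name sshjail, the root /usr/jails/sshjail, the hostname, the addresses 127.0.1.1 and 203.0.113.10, and the interface em0 are assumptions to replace with local values.

```conf
# --- /etc/rc.conf on the host (FreeBSD 8.x rc.d/jail variables) ---
# Extra loopback interface that carries the jail's address (assumed value).
cloned_interfaces="lo1"
ifconfig_lo1="inet 127.0.1.1 netmask 255.255.255.255"

jail_enable="YES"
jail_list="sshjail"                           # assumed jail name
jail_sshjail_rootdir="/usr/jails/sshjail"     # assumed path to the jail's userland
jail_sshjail_hostname="sshjail.example.org"   # assumed hostname
jail_sshjail_ip="127.0.1.1"                   # the jail can only bind this address
jail_sshjail_devfs_enable="YES"               # rc.d/jail mounts devfs on <rootdir>/dev
jail_sshjail_devfs_ruleset="devfsrules_jail"  # same ruleset name the question uses

pf_enable="YES"                               # needed for the redirect below

# --- /usr/jails/sshjail/etc/rc.conf (inside the jail) ---
sshd_enable="YES"                             # the jail runs its own sshd on port 22

# --- /etc/ssh/sshd_config on the host ---
# Pin the host's sshd to the host's own address (constructed example address)
# so it does not also answer on the jail's address.
ListenAddress 203.0.113.10

# --- /etc/pf.conf on the host ---
ext_if  = "em0"                               # assumed public interface
jail_ip = "127.0.1.1"
# Connections to public port 2222 are handed to the jail's sshd on port 22;
# port 22 on the public address still reaches the host's sshd.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 2222 -> $jail_ip port 22
```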