From: krad
To: Ibrahim Harrani
Cc: freebsd-questions@freebsd.org
Date: Thu, 20 Jan 2011 09:45:03 +0000
Subject: Re: chrooted ssh user and /dev/tty permission denied

On 20 January 2011 09:06, Ibrahim Harrani wrote:
> Hi,
>
> I have a problem with making a remote ssh connection in a chroot env.
>
> I configured chroot in sshd_config on FreeBSD 8.1 like the following.
>
> Match user myuser
>         ChrootDirectory /opt/root/myuser
>         X11Forwarding no
>         AllowTcpForwarding no
>         RSAAuthentication yes
>         PubkeyAuthentication yes
>
> and configured fstab like the following.
>
> devfs          /opt/root/myuser/dev       devfs   rw      0       0
>
> and rc.conf
> devfs_set_rulesets="/opt/root/myuser/dev=devfsrules_jail"
>
> I copied all binaries and libs (such as ssh,ls,pwd,ftp,scp) also.
>
> I can make an ssh connection with this user to the chroot environment successfully.
> When I tried to make an ssh/scp/sftp connection to a remote box in the chroot, I got
>
> "cannot open /dev/tty: permission denied" message.
>
> The permission of /dev/tty is the following in the chroot's /dev directory
>
> crw--w----  1 root  tty    0,  88 Jan 20 11:02 /dev/tty
>
> I tried to change the permission as root from outside the chroot by chmod,
> the permission never changes.
>
> What should I do to make a remote ssh conn inside of the chroot env?
>
> Thanks.
>

Just as a matter of interest, why are you using ssh chroot rather than a
full jail? You might have more success with a real jail. If there are IP
limitations, bind it to a loopback address, then forward on the ssh
connections from a non-standard port on the public interface, e.g. port 2222.
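
An added example, not part of either poster's message: a small sh check that applies the owner/group/other rule to the `ls -l` line quoted in the question and lists device nodes a given user cannot open read-write. It assumes the ssh client needs /dev/tty opened read-write; the function names and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# perm_triplet MODE OWNER GROUP USER "USER_GROUPS"
# Print the one rwx triplet that applies: owner's, else group's, else other's.
perm_triplet() {
    if [ "$4" = "$2" ]; then
        printf '%s\n' "$1" | cut -c2-4; return
    fi
    for g in $5; do
        if [ "$g" = "$3" ]; then
            printf '%s\n' "$1" | cut -c5-7; return
        fi
    done
    printf '%s\n' "$1" | cut -c8-10
}

# can_open_rw MODE OWNER GROUP USER "USER_GROUPS"
# Succeed if a read-write open would pass the mode-bit check.
can_open_rw() {
    [ "$4" = root ] && return 0   # assumption: the name root means uid 0
    case $(perm_triplet "$@") in
        rw?) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_dev USER "USER_GROUPS": read `ls -l` lines on stdin and print the
# path of every character device USER cannot open read-write.
audit_dev() {
    while read -r mode _links owner group rest; do
        case $mode in c*) ;; *) continue ;; esac
        can_open_rw "$mode" "$owner" "$group" "$1" "$2" ||
            printf '%s\n' "${rest##* }"
    done
}

# Constructed sample: the first line is the listing quoted in the question,
# the second is a world read/write node added for comparison.
SAMPLE='crw--w----  1 root  tty    0,  88 Jan 20 11:02 /dev/tty
crw-rw-rw-  1 root  wheel  0,  12 Jan 20 11:02 /dev/null'

# Prints /dev/tty: a non-root user outside group tty falls under "---".
printf '%s\n' "$SAMPLE" | audit_dev myuser "myuser"
```

Membership in group tty would not help here either, since the group triplet of the quoted mode is write-only.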