Re: [Jailkit-users] Sftp users are not able to chroot with Jailkit setup

[Olivier Sessink]

On 06/25/2011 08:52 AM, Seshan, Vinod K. (CONT) wrote:
> In our environment we are not using OpenSSH, and we are using SSH Tectia
> 6.1.7 build 139 ( Server as well as client).
>
> We have removed OpenSSH from this server and using Tectia SSH instead.
>
> When a chrooted user configured with jailkit login to server using ssh ,
> the user is logged into the correct jail and the
> jailed user cannot go to other directories out of jail. But if the
> chrooted user sftp to the server, the user is not chrooted and the user
> can cd to any other directory in the server.
>
> It seems that the in Tectia ssh server, "chroot" system call can only be
> made as root and the sftp-server is run as a subsystem
> request by a user inside the ssh session. Is it because this the sftp
> login is not able to enter to jail, and using ssh we are
> able to enter into jil? If this is the case, then what is the solution
> for chroot users who sftp to the server.

I guess that the tectia ssh server starts the sftp subsystem directly, 
without the users shell. Openssh starts the sftp subsystem with the 
users shell. So if that shell is jk_chrootsh the sftp subsystem will 
start within the jail. You might want to ask Tectia if you can configure 
their server to start sftp with the users shell.

Olivier