-1

I have a Debian Wheezy server where I would like to chroot certain users when they log in via the OpenSSH server. I am getting an odd error, however. For test purposes I have simply added

    ChrootDirectory /data/

to my sshd_config file (and restarting the server).

When I attempt to log in via PuTTY, the window simply closes without an error message. When I try to use the openssh-client from the server to itself, I get this error:

    ssh testuser@localhost
    testuser@localhost's password:
    Last login: ....
    /bin/bash: No such file or directory
    Connection to localhost closed

The /data/ directory is owned by root:root and has 755 permissions. If I try to add a /data/testuser dir with the same permissions, the same error occurs.

There is no trace of either attempt in auth.log.

If I remove the chroot line from the sshd_config and restart the server, I am allowed to log in normally both via PuTTY and the openssh-client.

Why am I getting this error? I do not understand it.

Martin Nielsen

1 Answer

7

This is normal and expected with a chroot as you have configured it. What you really need to do is spend some time learning about the tools you are using. Specifically, what a chroot is and how it works, which is clearly different from how you think. This excerpt from Wikipedia explains the problem you are seeing and provides insights into further study for you to undertake.

A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally not access) files outside the designated directory tree.

user9517
  • While you obviously know what the problem is, you did not actually answer. Are you saying that the problem is that the user is initially placed outside the chroot? – Martin Nielsen Oct 24 '14 at 23:03
  • @MartinNielsen I have fully and completely answered your question. The last sentence of the quote in particular is relevant. Also, like I said - _you_ need to put some effort into learning how the tools you want to use work. Learning how to do your own research and reading documentation is a fundamental system administration skill that you really need to invest some time in. – user9517 Oct 25 '14 at 12:35
  • You may think you have. It's not that I don't appreciate the time you spent writing an answer. In my own personal opinion though, the way the answer is formulated is a lot of the reason why the unix platform was very hard to get familiar with a decade ago. The "the only way to learn is through man-pages" mantra is luckily almost gone, and people are much more helpful today in general. It's just sad that there are still people left who feel like the only way to help people is through punishment. The question stemmed from a simple misunderstanding, the whole You didn't study, did you?: not needed – Martin Nielsen Oct 25 '14 at 18:44
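
An added example, not part of the original question or answer: with `ChrootDirectory /data/`, the user's shell `/bin/bash` is looked up as `/data/bin/bash`, along with every shared library it loads, so the error above means those files are not present under `/data`. The function names below are hypothetical, and the sketch assumes `ldd` is available and that paths contain no spaces.

```sh
#!/bin/sh
# Added example: report which files a login shell needs that are missing
# under a ChrootDirectory. All paths are as seen from inside the chroot.

# needed_files SHELL
# Print the shell itself plus every absolute library path reported by ldd.
needed_files() {
    printf '%s\n' "$1"
    # ldd lines look like "libc.so.6 => /lib/.../libc.so.6 (0x...)" or
    # "/lib64/ld-linux-x86-64.so.2 (0x...)"; keep only the absolute paths.
    { ldd "$1" 2>/dev/null || true; } | { grep -o '/[^ ]*' || true; } | sort -u
}

# check_chroot_shell CHROOT SHELL
# Return 0 if the shell and its libraries all exist under CHROOT,
# otherwise list what is missing and return 1.
check_chroot_shell() {
    root=${1%/}      # strip a trailing slash: /data/ -> /data
    shell=$2
    missing=0
    for f in $(needed_files "$shell"); do
        if [ ! -e "$root$f" ]; then
            echo "missing inside chroot: $root$f"
            missing=1
        fi
    done
    return "$missing"
}

# Usage for the setup in the question (run as root on the server):
#   check_chroot_shell /data/ /bin/bash
```

For an empty `/data`, every line of output is a file that must exist inside the chroot before an interactive login can start a shell.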