
For the past few days I've been trying to set up a chroot on my Ubuntu server, but I've been running into an issue. I've tried several different methods of setting up a chroot on Ubuntu, including manually setting up folder permissions myself and then statically linking libraries for the binaries I wanted to allow. At the moment I'm using Jailkit to set up the chroot environment, but with both setups I've had the same issue: after setting up the chroot and trying to log in over ssh, I'm immediately greeted with a forced closed terminal. When I run a debug sshd I see that it's because sshd cannot find /dev/pts for some reason, even though it's in the chroot environment.

Here is my setup, which was all populated by Jailkit except for /dev/pts, which is mounted using:

sudo mount -o bind /dev/pts /data/jail/dev/pts


/data/jail/home/user
/data/jail/dev
/data/jail/dev/pts
/data/jail/dev/tty

This is what the debug sshd shows:

debug3: safely_chroot: checking '/'
debug3: safely_chroot: checking '/data/'
debug3: safely_chroot: checking '/data/jail/'
debug3: safely_chroot: checking '/data/jail/home/'
debug3: safely_chroot: checking '/data/jail/home/user'
Changed root directory to "/data/jail/home/user"
debug1: permanently_set_uid: 1002/1003
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 6 setting O_NONBLOCK
debug2: fd 8 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug3: Received SSH2_MSG_IGNORE
debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug3: mm_request_send entering: type 28
debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
debug3: mm_request_receive_expect entering: type 29
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 28
debug3: mm_answer_pty entering
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: SELinux support disabled
debug3: mm_request_send entering: type 29
debug3: mm_answer_pty: tty /dev/pts/8 ptyfd 5
debug1: session_pty_req: session 0 alloc /dev/pts/8
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/8 for user from *.*.*.* port 54006
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: channel 0: rfd 11 isatty
debug2: fd 11 setting O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: Setting controlling tty using TIOCSCTTY.
/dev/pts/8: No such file or directory
open /dev/tty failed - could not set controlling tty: No such file or directory
debug3: mm_request_receive entering
debug3: monitor_read: checking request 156
debug3: mm_answer_consolekit_register entering
debug1: session_by_tty: session 0 tty /dev/pts/8
debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files

1 Answer


As far as I can tell, the ChrootDirectory is not properly set.

It should be set to:

ChrootDirectory /data/jail
Michael Hampton
  • Yes, thank you this solved the original problem of the missing /dev/pts but for some reason I'm still getting a forced closed terminal now with seemingly no error messages unless I'm missing something. – Nadeko Sengoku Mar 30 '15 at 18:26
  • The only thing I'm seeing now is this: `debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files` – Nadeko Sengoku Mar 30 '15 at 19:01
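
The mismatch the answer points out can be checked before logging in. The script below is an added example, not code from the question or the answer: it reads `ChrootDirectory` from an sshd_config-style file and lists which of `/dev/pts`, `/dev/tty` and the user's home are missing below that directory. The function names, the scratch-directory demo and the in-jail home path `/home/user` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not code from the original thread.
# After chroot(), sshd resolves /dev/pts/N, /dev/tty and the user's home
# relative to ChrootDirectory, so the jail's dev/ tree must sit below it.

# Print the global ChrootDirectory value from an sshd_config-style file.
# Simplification (assumption): parsing stops at the first Match block and
# Include files are not followed.
chroot_dir_from_config() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "chrootdirectory" { print $2; exit }' "$1"
}

# Print each path a pty login needs that is absent below the chroot.
# Args: CHROOT HOME_AS_SEEN_INSIDE. Returns non-zero if anything is missing.
missing_in_chroot() {
    root=${1%/}
    rc=0
    for inner in /dev/pts /dev/tty "$2"; do
        if [ ! -e "$root$inner" ]; then
            printf '%s\n' "$root$inner"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: the question's layout rebuilt in a scratch directory.
# A plain directory and file stand in for the devpts bind mount and tty node.
demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/data/jail/dev/pts" "$base/data/jail/home/user"
    : > "$base/data/jail/dev/tty"
    for dir in /data/jail/home/user /data/jail; do
        printf 'ChrootDirectory %s\n' "$base$dir" > "$base/sshd_config"
        echo "ChrootDirectory $dir"
        if out=$(missing_in_chroot "$(chroot_dir_from_config "$base/sshd_config")" /home/user); then
            echo "  all required paths present"
        else
            printf '%s\n' "$out" | sed "s|^$base|  missing: |"
        fi
    done
    rm -rf "$base"
}

demo
```

On a real server, call `missing_in_chroot` with the actual `ChrootDirectory` value and the home directory from the user's passwd entry instead of running `demo`.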