Nadeko Sengoku asked:
For the past few days I’ve been trying to set up a chroot on my Ubuntu server, but I’ve been running into an issue. I’ve tried several different methods of setting up a chroot on Ubuntu, including just manually setting up folder permissions myself and then statically linking libraries for the binaries I wanted to allow. At the moment I’m currently using Jailkit to set up the chroot environment, but with both setups I’ve had the same issue: after setting up the chroot and trying to log into ssh, I’m immediately greeted with a forced closed terminal. When I run a debug sshd I see that it’s because sshd cannot find /dev/pts for some reason, even though it’s in the chroot environment.
Here is my setup, which was all populated by Jailkit except for /dev/pts, which is mounted using

    sudo mount -o bind /dev/pts /data/jail/dev/pts

    /data/jail/home/user
    /data/jail/dev
    /data/jail/dev/pts
    /data/jail/dev/tty
This is what the debug sshd shows:
    debug3: safely_chroot: checking '/'
    debug3: safely_chroot: checking '/data/'
    debug3: safely_chroot: checking '/data/jail/'
    debug3: safely_chroot: checking '/data/jail/home/'
    debug3: safely_chroot: checking '/data/jail/home/user'
    Changed root directory to "/data/jail/home/user"
    debug1: permanently_set_uid: 1002/1003
    debug2: set_newkeys: mode 0
    debug2: set_newkeys: mode 1
    debug1: Entering interactive session for SSH2.
    debug2: fd 6 setting O_NONBLOCK
    debug2: fd 8 setting O_NONBLOCK
    debug1: server_init_dispatch_20
    debug3: Received SSH2_MSG_IGNORE
    debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
    debug1: input_session_request
    debug1: channel 0: new [server-session]
    debug2: session_new: allocate (allocated 0 max 10)
    debug3: session_unused: session id 0 unused
    debug1: session_new: session 0
    debug1: session_open: channel 0
    debug1: session_open: session 0: link with channel 0
    debug1: server_input_channel_open: confirm session
    debug1: server_input_channel_req: channel 0 request pty-req reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req pty-req
    debug1: Allocating pty.
    debug3: mm_request_send entering: type 28
    debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
    debug3: mm_request_receive_expect entering: type 29
    debug3: mm_request_receive entering
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 28
    debug3: mm_answer_pty entering
    debug2: session_new: allocate (allocated 0 max 10)
    debug3: session_unused: session id 0 unused
    debug1: session_new: session 0
    debug1: SELinux support disabled
    debug3: mm_request_send entering: type 29
    debug3: mm_answer_pty: tty /dev/pts/8 ptyfd 5
    debug1: session_pty_req: session 0 alloc /dev/pts/8
    debug1: server_input_channel_req: channel 0 request shell reply 1
    debug1: session_by_channel: session 0 channel 0
    debug1: session_input_channel_req: session 0 req shell
    Starting session: shell on pts/8 for user from *.*.*.* port 54006
    debug2: fd 3 setting TCP_NODELAY
    debug3: packet_set_tos: set IP_TOS 0x10
    debug2: channel 0: rfd 11 isatty
    debug2: fd 11 setting O_NONBLOCK
    debug3: fd 9 is O_NONBLOCK
    debug1: Setting controlling tty using TIOCSCTTY.
    /dev/pts/8: No such file or directory
    open /dev/tty failed - could not set controlling tty: No such file or directory
    debug3: mm_request_receive entering
    debug3: monitor_read: checking request 156
    debug3: mm_answer_consolekit_register entering
    debug1: session_by_tty: session 0 tty /dev/pts/8
    debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files
As far as I can tell, the ChrootDirectory is not properly set.
It should be set to:
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
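
A way to confirm the mismatch visible in the debug output above, as an added example that is not part of the original question or answer: the script reads an sshd debug log, extracts the directory sshd chrooted into and the tty it allocated, and reports whether that tty's directory exists inside the chroot or only under a parent directory. The function names and the FSROOT prefix argument are hypothetical, and the demo tree and log excerpt are constructed from the paths and lines in the question.

```sh
#!/bin/sh
# Added example, not from the original post. Log lines and paths mirror the
# question; FSROOT is a hypothetical prefix so the check can run on a test tree.

# Print the nearest directory, from DIR upwards, under which REL exists.
find_holder() {
    local dir="$1" rel="$2" fsroot="$3"
    while :; do
        if [ -e "$fsroot$dir$rel" ]; then echo "${dir:-/}"; return 0; fi
        case $dir in */*) dir=${dir%/*} ;; *) return 1 ;; esac
    done
}

# check_chroot_pty LOG [FSROOT] -> 0: pty dir visible in chroot, 1: not, 2: log unusable
check_chroot_pty() {
    local log="$1" fsroot="${2:-}" root tty ptsdir holder
    # The log records the chroot first, then the tty name the session opens by path.
    root=$(sed -n 's/.*Changed root directory to "\(.*\)".*/\1/p' "$log" | tail -n 1)
    tty=$(sed -n 's/.*mm_answer_pty: tty \([^ ]*\) ptyfd.*/\1/p' "$log" | tail -n 1)
    if [ -z "$root" ] || [ -z "$tty" ]; then
        echo "UNKNOWN: no chroot or pty line in log"; return 2
    fi
    root=${root%/}; ptsdir=${tty%/*}        # /dev/pts/8 -> /dev/pts
    if [ -d "$fsroot$root$ptsdir" ]; then
        echo "OK: $ptsdir exists inside $root"; return 0
    fi
    holder=$(find_holder "$root" "$ptsdir" "$fsroot") || holder="(none)"
    echo "MISSING: $ptsdir not inside $root; nearest parent holding it: $holder"
    return 1
}

# Constructed demo: a throwaway tree laid out like the jail in the question.
demo() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/data/jail/home/user" "$t/data/jail/dev/pts"
    cat > "$t/sshd.log" <<'EOF'
Changed root directory to "/data/jail/home/user"
debug3: mm_answer_pty: tty /dev/pts/8 ptyfd 5
/dev/pts/8: No such file or directory
EOF
    check_chroot_pty "$t/sshd.log" "$t"          # layout from the question
    mkdir -p "$t/data/jail/home/user/dev/pts"    # simulate /dev/pts inside the chroot
    check_chroot_pty "$t/sshd.log" "$t"
    rm -rf "$t"
}
demo || true
```

On a live system the check only tests that the directory is present; an empty dev/pts that is not a devpts or bind mount will still fail when the session opens the tty.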