Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

chroot jail on AIX 5.3 using new IBM developerWorks document

315 views
Skip to first unread message

Ron

unread,
Aug 21, 2008, 2:15:21 PM8/21/08
to
IBM has a paper dated 05 May 2008 entitled "openssh with AIX chroot" -
link is;

http://www.ibm.com/developerworks/aix/library/au-settingupchroot/?S_TACT=105AGY06&

that I have attempted to set up a chroot jail for ssh, scp and sftp
following this document.
The chroot jail works and ssh and scp work as I expect them to work
however I can't get
sftp to work with it - after entering the password it simply exits
with the message
"Connection closed". The system environment I'm attempting this on
is;

AIX 5300-06-03-0732

with open ssh/ssl installed at levels;

openssh.base.client 4.7.0.5301
openssh.base.server 4.7.0.5301
openssh.license 4.7.0.5301
openssh.man.en_US 4.7.0.5301
openssh.msg.en_US 4.7.0.5301
openssl.base 0.9.8.601
openssl.license 0.9.8.601
openssl.man.en_US 0.9.8.601

which all seem to meet the pre-req's in the document.

sftp works on the system outside the chroot jail

The document has instructions for doing the setup manually as well as
provides a link to a script to set it up for you, and sftp fails under
both attempts to set it up.

Anyone else successfully get this to work for them? I've even tried
it on two different servers.
Have checked file/directory permissions, etc. but just stuck at this
point.

Thanks,

Ron

Henry

unread,
Aug 21, 2008, 9:48:32 PM8/21/08
to
On Aug 22, 6:15 am, Ron <zephe...@hotmail.com> wrote:
> IBM has a paper dated 05 May 2008 entitled "openssh with AIX chroot" -
> link is;
>
> http://www.ibm.com/developerworks/aix/library/au-settingupchroot/?S_T...

did you try putting syslog into debug mode ?

Mark

unread,
Aug 22, 2008, 3:45:23 AM8/22/08
to

"Henry" <snogfest_...@yahoo.com> wrote in message
news:8225d48b-c2f2-489e...@a3g2000prm.googlegroups.com...

I recall that with comercial SSH products, you need to use the internal
sftpserver instead.
Try changing 'subsystem sftp >path-to-sftp-server>' into 'subsystem sftp
internal-sftp' in /etc/ssh2/sshd_config and restart the daemon.

Ron

unread,
Aug 22, 2008, 9:34:38 AM8/22/08
to
On Aug 21, 12:15 pm, Ron <zephe...@hotmail.com> wrote:
> IBM has a paper dated 05 May 2008 entitled "openssh with AIX chroot" -
> link is;
>
> http://www.ibm.com/developerworks/aix/library/au-settingupchroot/?S_T...


All that was needed was to copy my /etc/ssh/sshd_config into my chroot
jail - Thanks Jyoti!

I've read multiple posts in various places about people having
problems with a chroot jail for AIX and needing to use
an addon product like rssh or scponly to make it work. Maybe they add
something to the mix, and I was
ready to use one of them, but the referenced document by IBM makes it
a simple process to get it set up and working natively.

Ron

0 new messages