Hi There,
I have Copssh running on multiple 2008 servers and it works beautifully. I've tried to use the same setup on 2012 R2, but for some reason I can't get the Chroot folder to work.
THe problem comes in when I try change the following line in the passwd file:
SvcCOPSSH:unused_by_nt/2000/xp:1002:545:U-ServerName\SvcCOPSSH,S-1-5-21-1113419866-2704146496-1308923179-1002:/var/:/bin/false
To the following:
SvcCOPSSH:unused_by_nt/2000/xp:0:545:U-ServerName\SvcCOPSSH,S-1-5-21-1113419866-2704146496-1308923179-1002:/var/:/bin/false
I've changed the 1002 to a 0. I needed to do this on 2008 to get the Chroot folder to work. When I try this setting on Server 2012 R2 it doesn't even allow the connection to the server.
Please help. :)
No idea which version you use, but it is not a good practice to use SvcCopssh account for normal operations - it is designed to be used as a service account only. Check our FAQ for more information.
Hi.
Sorry for not being clear. The SvcCopssh account is the service account. It appears in the passwd account, and I change the account ID from the one it is given to a 0. This is the only way I could get the Chroot folder to work.
Users connect with different user accounts. i.e. They do not connect with the SvcCopssh account. This account (and setting in the passwd file) is only used to allow the connections to take place.
Which Copssh version do you use ?
Currently using 4.1.0.
This is a quite old version and not supported by us any longer. What I can recommend is not to touch settings of the service account at all, and try to set chroot directory for each user via match directives as more recent versions of Copssh do.
Thanks for the information. On that version the only way to get Chroot directory working (that I could find) even with options in the sshd file.
I will head your advice though. I will also download the latest version and try it out.
Thanks for all the help.