Chroot Folder not working on 2012.

worm_za

Hi There,

I have Copssh running on multiple 2008 servers and it works beautifully. I've tried to use the same setup on 2012 R2, but for some reason I can't get the Chroot folder to work.

The problem comes in when I try to change the following line in the passwd file:

SvcCOPSSH:unused_by_nt/2000/xp:1002:545:U-ServerName\SvcCOPSSH,S-1-5-21-1113419866-2704146496-1308923179-1002:/var/:/bin/false

To the following:

SvcCOPSSH:unused_by_nt/2000/xp:0:545:U-ServerName\SvcCOPSSH,S-1-5-21-1113419866-2704146496-1308923179-1002:/var/:/bin/false

I've changed the 1002 to a 0. I needed to do this on 2008 to get the Chroot folder to work. When I try this setting on Server 2012 R2 it doesn't even allow the connection to the server.

Please help. :)

itefix

No idea which version you use, but it is not a good practice to use SvcCopssh account for normal operations - it is designed to be used as a service account only. Check our FAQ for more information.

worm_za

Hi.

Sorry for not being clear. The SvcCopssh account is the service account. It appears in the passwd account, and I change the account ID from the one it is given to a 0. This is the only way I could get the Chroot folder to work.

Users connect with different user accounts. i.e. They do not connect with the SvcCopssh account. This account (and setting in the passwd file) is only used to allow the connections to take place.

itefix

Which Copssh version do you use?

worm_za

Currently using 4.1.0.

itefix

This is a quite old version and not supported by us any longer. What I can recommend is not to touch settings of the service account at all, and try to set chroot directory for each user via match directives as more recent versions of Copssh do.

worm_za

Thanks for the information. On that version the only way to get Chroot directory working (that I could find) even with options in the sshd file.

I will heed your advice though. I will also download the latest version and try it out.

Thanks for all the help.
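
A defender-side check for the passwd edit discussed in this thread, added here as an example and not part of any post or of Copssh: it parses entries in the passwd layout quoted above and flags accounts whose uid is 0 or no longer equals the RID at the end of their SID. The uid-equals-RID rule is an assumption taken from the unmodified line in the first post; the function name `audit_passwd` and the `alice` entry are constructed.

```python
import re

# Constructed sample in the passwd layout quoted in the thread:
# name:passwd:uid:gid:U-Machine\name,SID:home:shell
# The first entry is the edited line from the first post; "alice" is made up.
SAMPLE_PASSWD = r"""
SvcCOPSSH:unused_by_nt/2000/xp:0:545:U-ServerName\SvcCOPSSH,S-1-5-21-1113419866-2704146496-1308923179-1002:/var/:/bin/false
alice:unused_by_nt/2000/xp:1005:545:U-ServerName\alice,S-1-5-21-1113419866-2704146496-1308923179-1005:/home/alice:/bin/bash
"""

# Captures the last sub-authority (the RID) of a SID string.
SID_RE = re.compile(r"S-1-(?:\d+-)+(\d+)$")


def audit_passwd(text):
    """Return (account, uid, reason) for each entry that looks hand-edited."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((fields[0], None, "malformed entry"))
            continue
        name, _pw, uid, _gid, gecos, _home, _shell = fields
        if not uid.isdigit():
            findings.append((name, None, "non-numeric uid"))
            continue
        uid = int(uid)
        if uid == 0:
            findings.append((name, uid, "uid 0"))
        # The SID is the last comma-separated item of the gecos field.
        # Assumption: for local accounts the uid was generated from the RID.
        m = SID_RE.search(gecos.split(",")[-1])
        if m and int(m.group(1)) != uid:
            findings.append((name, uid, "uid differs from SID RID " + m.group(1)))
    return findings


if __name__ == "__main__":
    for account, uid, reason in audit_passwd(SAMPLE_PASSWD):
        print(account, uid, reason)
```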