chroot SFTP ONLY


I saw this problem posted on many places with no solution so far.

How can we chroot SFTP but NOT SSH sessions for the same user ?
I know it doesn't make sense but humor me, this is a requirement in
some enterprise environments with many generic apps IDs.

The session.c evaluates the type of connection in the function
session_input_channel_req which is called from serverloop.c by
However, this is all done way after chroot happens in the
do_setusercontext function.

So I'm trying to find a way to get the same at that level. I just need
a hint which is the first function to differentiate between sftp and
ssh in the openssh code and how to use it in session.c.

Any help will be much appreciated.


Re: chroot SFTP ONLY wrote:

More people have encountered this situation and wrote scponly (google
the term). Use the scponlyc binary if you want to chroot it.

Re: chroot SFTP ONLY

Steven Mocking wrote:

To my understanding the scponly is a shell-like binary you specify in
the passwd file so users will be able to SFTP and SCP but NOT SSH to
the machine, and it can chroot the sftp/scp session as well.

However, I want the user to be able to login with ssh without being
chrooted, while when he uses sftp he gets chrooted. I'm using a config
file for this and it's working fine for both; now I just need to
separate them. I'm looking for a way to identify the connection as an
sftp session prior to the do_setusercontext function in session.c.


Re: chroot SFTP ONLY wrote:

Ouch, should've read your first post more literally. If I recall
correctly the chroot system call can only be made as root and the
sftp-server is run as a subsystem request by a user inside the ssh
session. That's why it's FTP *over* SSH. Before that, there is not
really something specific which tells you if a session is sftp or shell.

Perhaps you could patch/modify the sftp-server sourcecode to do
something like

uid_t uid = getuid(); chroot("/path/to/chroot"); chdir("/"); setuid(uid); /* chdir into the jail, then drop root for good with setuid(), not just seteuid() */

very early on in the code. Then make the compiled binary setuid root. Be
careful though, because there is always the danger of holes with setuid
root binaries, like users setting LD_LIBRARY_PATH and LD_PRELOAD.
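As an added example (not code from the thread or from OpenSSH), this is the sequence a setuid-root sftp wrapper would need to get the chroot right and to make the privilege drop irreversible; the jail path and the uid handling are assumptions. It also applies the ownership check that sshd itself later imposed on ChrootDirectory.

```c
/* Added example: chroot as root, then drop to the real uid for good. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The jail must be owned by root and not writable by group or others;
 * otherwise the user can plant files (e.g. a fake /etc) inside it. */
int jail_dir_is_safe(const char *dir) {
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != 0) return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

/* chroot() needs root. chdir("/") afterwards is mandatory: without it the
 * cwd stays outside the jail and relative paths walk straight out of it. */
int enter_jail(const char *dir) {
    if (!jail_dir_is_safe(dir)) return -1;
    if (chroot(dir) != 0) return -1;
    if (chdir("/") != 0) return -1;
    return 0;
}

/* Drop root permanently. setuid() (unlike seteuid()) also clears the saved
 * uid, so the process cannot switch back. Groups go first, while still root. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    return 0;
}

/* Returns 1 if the process can still become root, i.e. the drop failed. */
int can_regain_root(void) {
    if (geteuid() == 0) return 1;
    return seteuid(0) == 0 ? 1 : 0;
}

int main(int argc, char **argv) {
    const char *jail = argc > 1 ? argv[1] : "/srv/sftp-jail"; /* assumed path */
    uid_t uid = getuid(); /* real uid of the invoking user */
    gid_t gid = getgid();
    if (enter_jail(jail) != 0) { perror("enter_jail"); return 1; }
    if (drop_privileges(uid, gid) != 0) { perror("drop_privileges"); return 1; }
    if (can_regain_root()) { fprintf(stderr, "still root-capable\n"); return 1; }
    printf("jailed in %s as uid %u\n", jail, (unsigned)uid);
    return 0;
}
```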

Re: chroot SFTP ONLY

Steven Mocking wrote:

I wanted to patch the session.c only to make it easier to port (on
hundreds of hybrid UNIX systems), but after reading most of the SSH code
with no clues, I guess you're right: the only way to go would be to patch
the sftp-server.c as well.

The best way to go is to separate sftp users from login ones and chroot
normally (both) as required. But it's worth investigating ;)

Thanks anyway Steve,

Re: chroot SFTP ONLY

I got this working. My findings are at:


On 7 Nov 2006 11:39:49 -0800 wrote:

