# Setting up chrooted ssh in gentoo?

## Netdale

Alright, I'm trying to trap my ssh users in a "home" directory...

I've followed this article, which includes a patch and everything required (w/ gentoo support)

Yet...........It still won't work.....please help me out.

http://chrootssh.sourceforge.net/docs/chrootedsftp.html

If you read down that link, I follow it exactly, yet when I go to run the chroot command to test it, it fails........

```
chroot: cannot execute /bin/bash: No such file or directory
```

I have proper permissions on it as far as I can tell....thanks (and yes bash does exist.....)

Dale

----------

## Naan Yaar

Does /bin/bash exist in the chrooted bin directory?  You will get this error if it does not.  bash in non-chrooted (regular) /bin will not do.  I was wondering whether you created a symlink from /bin/bash to the chroot'ed /bin/sh.  This will not work.

----------

## Netdale

Ok, here are the ls -l lists......

```
root@68 webteam # ls -l
total 20
drwxrwxr-x    2 root     administrators     4096 Aug 20 21:33 bin
drwxrwxr-x    2 root     administrators     4096 Aug 18 18:53 dev
drwxrwxr-x    4 root     administrators     4096 Aug 27 22:51 htdocs
drwxrwxr-x    2 root     administrators     4096 Aug 24 00:51 logs
drwxrwxr-x    4 root     administrators     4096 Aug 18 18:55 usr
```

then going in bin.....

```
root@68 bin # ls -l
total 800
-rwxrwxr-x    1 root     root       558836 May  7 06:41 bash
-rwxrwxr-x    1 root     root        17692 May  7 06:44 chgrp
-rwxrwxr-x    1 root     root        17340 May  7 06:44 chmod
-rwxrwxr-x    1 root     root        19832 May  7 06:44 chown
-rwxrwxr-x    1 root     root        44764 May  7 06:44 cp
-rwxrwxr-x    1 root     root        62916 May  7 06:44 ls
-rwxrwxr-x    1 root     root        46956 May  7 06:44 mv
-rwxrwxr-x    1 root     root        26276 May  7 06:44 rm
lrwxrwxrwx    1 root     root            4 Aug 20 21:33 sh -> bash
```

Any more ideas?

Also, I can run ./bash inside the bin folder......

----------

## rac

Does strace on the chroot command give us any hints?

----------

## Netdale

Strace?

----------

## Naan Yaar

Did you copy:

```
 ld-linux.so.2
 libc.so.6
 libdl.so.2
 libncurses.so.5
```

to lib in chroot?  You will get this error if you didn't do that too.  Do:

```
ldd /bin/bash
```

to check for libs you need to copy for bash.

[EDIT] I see that you don't have a lib directory at all.  That won't do  :)

----------

## rac

 *Netdale wrote:*   

> Strace?

 

emerge strace first, and then: 

```
# strace chroot /wherever /bin/bash
```

...strace will print a listing of some of the system calls made, and maybe something will jump out at you.  But check the shared libraries as per Naan Yaar's post first.

----------

## Netdale

Ok, I have usr/libs completely copied over.....

```
root@68 bin # ldd bash
        libncurses.so.5 => /lib/libncurses.so.5 (0x4ee96000)
        libdl.so.2 => /lib/libdl.so.2 (0x4eedb000)
        libc.so.6 => /lib/libc.so.6 (0x4eedf000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4ee7c000)
```

There's the ldd report...........

On the strace issue.....I can run bash if I manually go into bin and type

./bash

it will bring up another "session"

Dale

----------

## rac

 *Netdale wrote:*   

> I can run bash if I manually go into bin and type
> 
> ./bash

 

That's not the same thing as running under chroot, though, because when you run it from your normal root, filesystem calls go relative to the real root.  When running chroot, filesystem calls look for things in the chroot jail.

----------

## Netdale

I just cannot get over the fact that it seems as "chroot" cannot run bash....but I don't know why.....

Dale

hmm, strace......trying.......

----------

## Netdale

```
root@68 bin # strace chroot /home/webteam/ /bin/bash
execve("/usr/bin/chroot", ["chroot", "/home/webteam/", "/bin/bash"], [/* 21 vars */]) = 0
brk(0)                                  = 0x804b4e4
open("/etc/ld.so.preload", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
close(3)                                = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=9404, ...}) = 0
old_mmap(NULL, 9404, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4258c000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0X\227\1"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=1395323, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4258f000
old_mmap(NULL, 1208928, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x42590000
mprotect(0x426ad000, 41568, PROT_NONE)  = 0
old_mmap(0x426ad000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x11c000) = 0x426ad000
old_mmap(0x426b3000, 16992, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x426b3000
close(3)                                = 0
munmap(0x4258c000, 9404)                = 0
brk(0)                                  = 0x804b4e4
brk(0x804b50c)                          = 0x804b50c
brk(0x804c000)                          = 0x804c000
chroot("/home/webteam/")                = 0
chdir("/")                              = 0
execve("/bin/bash", ["/bin/bash"], [/* 21 vars */]) = -1 ENOENT (No such file or directory)
write(2, "chroot: ", 8chroot: )                 = 8
write(2, "cannot execute /bin/bash", 24cannot execute /bin/bash) = 24
write(2, ": No such file or directory", 27: No such file or directory) = 27
write(2, "\n", 1
)                       = 1
_exit(1)                                = ?
```

----------

## Naan Yaar

Did you copy the actual files rather than the symlinks?  If you do "ls -l" in the chroot'ed lib, do you see the files?

----------

## Netdale

root@68 lib # ls -l


----------

## Naan Yaar

Not to be a pain or anything, but was the listing from /lib under chroot or /usr/lib?  It needs to be the former.  Since the files were also copied from /usr/lib seemingly, I thought I would ask.

----------

## Netdale

Thanks guys.......I got it, haha

I used /usr/lib........instead of /lib.....and now it seems to be working just fine.

I guess to set a hostname and all in a /etc folder? Not sure.....

Ok, thanks...............a ton guys, Gentoo........

Peace............

----------
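
The `ENOENT` in the strace output above is what `execve` returns when the ELF interpreter a binary names (here `/lib/ld-linux.so.2`) is absent under the new root, even though the binary itself is there. The script below is an added example, not from the thread or the linked article: it takes `ldd` output and lists the paths missing from a jail, following symlinks the way a jailed process would; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report files a dynamically linked binary needs that are
# missing from a chroot jail. Function names are illustrative.

# ldd output as posted in the thread (ldd run on the host for bin/bash).
THREAD_LDD='        libncurses.so.5 => /lib/libncurses.so.5 (0x4ee96000)
        libdl.so.2 => /lib/libdl.so.2 (0x4eedb000)
        libc.so.6 => /lib/libc.so.6 (0x4eedf000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4ee7c000)'

# ldd_paths: ldd output on stdin -> one absolute path per line.
# Handles "name => /path (addr)" and "/path (addr)"; entries without an
# absolute path (vdso, "not found") are skipped.
ldd_paths() {
    awk '
        {
            for (i = 1; i < NF; i++)
                if ($i == "=>") {
                    if ($(i + 1) ~ /^\//) print $(i + 1)
                    next
                }
        }
        $1 ~ /^\// { print $1 }
    ' | LC_ALL=C sort -u
}

# resolve_in_jail JAIL PATH: follow a symlink at PATH the way a process
# inside the jail would: an absolute link target is relative to JAIL, not
# to the host root. Only the final path component is followed.
resolve_in_jail() {
    r_jail=$1 r_path=$2 r_hops=0
    while [ -L "$r_jail$r_path" ] && [ "$r_hops" -lt 16 ]; do
        r_link=$(readlink "$r_jail$r_path")
        case $r_link in
            /*) r_path=$r_link ;;
            *)  r_path=$(dirname "$r_path")/$r_link ;;
        esac
        r_hops=$((r_hops + 1))
    done
    printf '%s\n' "$r_jail$r_path"
}

# missing_in_jail JAIL: ldd output on stdin -> paths that do not exist as
# regular files inside JAIL. Empty output means every dependency is present.
missing_in_jail() {
    m_jail=${1%/}
    ldd_paths | while IFS= read -r m_path; do
        [ -f "$(resolve_in_jail "$m_jail" "$m_path")" ] || printf '%s\n' "$m_path"
    done
}

# Usage: sh check_jail.sh /home/webteam /bin/bash
if [ $# -eq 2 ]; then
    [ -f "$(resolve_in_jail "${1%/}" "$2")" ] || echo "missing in jail: $2"
    ldd "$2" | missing_in_jail "$1" | sed 's/^/missing in jail: /'
fi
```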

## psp

Just read this and thought I should mention - perhaps you should use a stripped down version of busybox (only bash and the basics) instead of bash proper. You can compile it statically and the libraries will not be a problem.

----------

## Netdale

Compile it statically?  Can I ask why and how....

What advantages will that have?

I in the end still choose the commands they run......but I'm still a newbie at all this linux/gentoo nitty gritty, so ur advice is thankfully accepted..

Dale

----------

## Netdale

Ok, I can now chroot into that directory.......yet something still isn't right.  I used the patch, recompiled, reboot ssh, everything.......yet when I login it still reports the full length of where u are.....(even w/ the /./)

So.......anymore ideas?

Also, what does the author mean by this?

 *Quote:*   

> Once you've done that, try ssh'ing in to the chrooted daemon (you did shut down the previous instance of ssh and turn on the new one right?) and seeing if that succeeds.

 

I thought the idea was u still have sshd running off the main system, u can just control chroot?  I don't think they mean u have to run a separate version of sshd inside of the "new" root??

Thanks Dale

----------

## Naan Yaar

Can you post the exact log and the portion that you think is wrong?   I am not sure I understand what you are referring to (login below: does it refer to ssh or at the console?)

 *Netdale wrote:*   

> Ok, I can now chroot into that directory.......yet something still isn't right.  I used the patch, recompiled, reboot ssh, everything.......yet when I login it still reports the full length of where u are.....(even w/ the /./)
> 
> So.......anymore ideas?
> 
> Also, what does the author mean by this?
> ...

 

You would need to stop sshd, replace the sshd in your gentoo install with the one you built with the patch and then restart it.  When you log in through ssh, you will be in the chroot jail.

----------

## Netdale

Ok, I recompiled w/ the patch and all...........my question was regarding sshd itself.  U may want to check the patch to see what it's doing..

I just don't understand all of it......

Go to the link and read a bit....maybe that'll clear some things up

Thanks

Dale

----------

## Naan Yaar

I did look at it before.  I wasn't sure what you were referring to as the problem:

Regarding the "login" showing the full path: if you login into the user whose home directory is set up as indicated from console (not through ssh), you will not be chroot'ed.

The patch makes openssh's sshd do a chroot if it finds a "/./" in the user's home directory in /etc/passwd.  You will be chroot'ed only if you log in as this user through sshd.

How and where are you installing the patched version? Did you emerge gentoo's openssh before doing this?  How did you start up the patched sshd?

My apologies in advance if I am covering ground above that you are already familiar with.

 *Netdale wrote:*   

> Ok, I recompiled w/ the patch and all...........my question was regarding sshd itself.  U may want to check the patch to see what it's doing..
> 
> I just don't understand all of it......
> 
> Go to the link and read a bit....maybe that'll clear some things up
> ...

 

----------
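
How the `/./` convention described in the post above maps a passwd entry to a jail, with two checks on the jail it names (the login shell must exist inside it, and the listings earlier in the thread show jail directories as group-writable). This is an added example, not code from the patch or the thread; it assumes the text before `/./` is the chroot directory and the text after it is the home directory inside it, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread or the chrootssh patch).
# Assumption: in the passwd home field, the text before "/./" is the jail
# root and the text after it is the home directory as seen inside the jail.

# chroot_accounts: passwd-format lines on stdin ->
#   "user:jail:home_in_jail:shell" for every account whose home has "/./".
chroot_accounts() {
    awk -F: '
        { n = index($6, "/./") }
        n > 0 {
            jail = substr($6, 1, n - 1)
            home = substr($6, n + 2)          # keeps the leading "/"
            if (jail == "") jail = "/"
            printf "%s:%s:%s:%s\n", $1, jail, home, $7
        }'
}

# audit_jail JAIL SHELL: print one finding per line, nothing if clean.
audit_jail() {
    a_jail=$1 a_shell=$2
    [ -d "$a_jail" ] || { echo "jail directory missing: $a_jail"; return 0; }
    # The shell path in passwd is looked up after the chroot, so it has to
    # exist inside the jail, not only on the host.
    [ -x "$a_jail$a_shell" ] || echo "login shell not present inside jail: $a_shell"
    # Directories and files in the jail that a non-root account can modify
    # let that account replace what jailed users execute.
    find "$a_jail" ! -type l \( -perm -020 -o -perm -002 \) 2>/dev/null |
        LC_ALL=C sort | while IFS= read -r a_file; do
            a_rel=${a_file#"$a_jail"}
            echo "writable by group/other: ${a_rel:-/}"
        done
}

# audit_passwd: passwd-format lines on stdin -> "user: finding" lines.
audit_passwd() {
    chroot_accounts | while IFS=: read -r p_user p_jail p_home p_shell; do
        audit_jail "$p_jail" "$p_shell" | while IFS= read -r p_line; do
            printf '%s: %s\n' "$p_user" "$p_line"
        done
    done
}

# Usage: sh audit_chroot_users.sh /etc/passwd
if [ $# -eq 1 ]; then
    audit_passwd < "$1"
fi
```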

## Netdale

First off.......I haven't really been using gentoo's portage system..I've mainly been just extracting the tar and compiling it manually.  Thus I've been able to apply the patch.  I can make a tar of the "jail" I've constructed if that would help.....but I've added /./ in the /etc/passwd.......yet when I logon it will report (using pwd) /home/webteam/./, which is obviously not what I want.  SSH, or somewhere in between isn't doing the chroot.  Hmm, it's just frustrated, cause I can do the chroot command, and the jail is perfect....

Thanks again man

Dale

----------

## Netdale

Anyone?

----------

## Naan Yaar

If you do:

```
strings sshd | grep "/./"
```

do you see anything?  You can also run the sshd daemon with a "-d" flag to see what is going on.  Additionally, you can put in a debug message in the sshd source code and recompile to get more info.

----------

## treacle

You may want to check out jail.  It is in portage.

```
cooper root # emerge -s jail
Searching...
[ Results for search key : jail ]
[ Applications found : 1 ]

*  app-misc/jail
      Latest version Available: 1.9
      Latest version Installed: [ Not Installed ]
      Homepage: http://www.gsyc.inf.uc3m.es/~assman/jail/
      Description: Jail Chroot Project is a tool that builds a chrooted environment and automagically configures and builds all the required files, directories and libraries
```

----------

## Netdale

Yaar- 

```
root@68 weaverda # strings /usr/sbin/sshd | grep "/./"
%255[^/]/%5[0-9]
////
////
```

I'm not sure what that jail utility would give me, other than a prebuilt jail. I have a jail working, it's just that sshd won't use it

----------

## Naan Yaar

Oops... sorry.  I forgot the min. limit of 4 characters in the "strings" command.  Can you do:

```
strings -n 3 /usr/sbin/sshd | grep '/\./'
```

do you see the search string in there?  Did sshd get built and installed into the /usr/sbin directory?

 *Netdale wrote:*   

> Yaar- 
> 
> root@68 weaverda # strings /usr/sbin/sshd | grep "/./" 
> 
> %255[^/]/%5[0-9] 
> ...

 

----------

## Netdale

```
root@68 sbin # strings -n 3 /usr/local/sbin/sshd | grep '/\./'
/./
```

----------

## Naan Yaar

Whoa there  :)   You seem to have sshd both in your /usr/sbin and /usr/local/sbin directories.  Which one is actually running? Is it possible that you are running the one from /usr/sbin instead (which is probably unpatched)?

----------

## Netdale

Haha, nono, I saw that later....

I have it now recompiled in /usr/bin

But now I cannot login to it.........AHH

Ok, well that's what grep reports on the new "patched" sshd

Dale

----------

## Naan Yaar

Can you check the logs to see what's happening?  You can set the LogLevel in /etc/ssh/sshd_config to DEBUG and restart the daemon or send it a SIGHUP for more verbose logs.

 *Netdale wrote:*   

> ...
> 
> But now I cannot login to it.........AHH
> 
> ...
> ...

 

----------

## Netdale

Hmm, ok, problem after problem

Thanks Yaar......

Ok, well the ebuild works, but the patched one won't let me login.....

Hmm, going to keep trial and erroring

Dale

----------

## Netdale

WOW - Ok, any suggestions to why the downloaded tar won't work but the ebuild will ( tried it w/o patching it)

Dale

----------

## Netdale

Ok...........FINALLY, thank goodness......15 compilings later.......

IT works, with these strings.....

A patched directory of openssh and

```
./configure -prefix=/usr -sysconfdir=/etc/sshd -mandir=/usr/share/man -libexecdir=/usr/lib/misc -datadir=/usr/share/openssh -disable-suid-ssh -with-privsep-path=/var/empty -with-md5-passwords
```

And with the help of this script......

http://mail.incredimail.com/howto/openssh/create_chroot_env

Thanks Yaar and Gentoo users for the help...........

Dale

----------

