# OpenSSH problems

## zer0spaz001

OK, I have emerged openssh assuming that the chroot patch would be applied... is this correct?

I currently have openssh 3.8.1_p1-r1 running

once I have sshd running I change the appropriate users home directory

usermod -d /jail/./home/user user

and their shell

usermod -s /bin/sh

but when I log in as that user through ssh, I am in the correct directory but not chrooted... I cannot figure this out. Please help

also under /usr/portage/net-misc/openssh/files/

there is

openssh-3.8.1_p1-chroot.patch

this is the correct patch right? so then is it installed??

----------

## Dolio

Do an emerge -pv openssh

There is a use flag for the chroot patch. Is it enabled on your system?

----------

## zer0spaz001

what use flags should I use for compiling openssh, I am relatively new to all of this.

here is my emerge -pv openssh

```
These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild   R   ] net-misc/openssh-3.8.1_p1-r1  -X509 -chroot -ipv6 -kerberos -ldap +pam -(selinux) -skey -smartcard -static +tcpd -(uclibc)  140 kB

Total size of downloads: 140 kB
```

----------

## Dolio

Add +chroot to your use flags.

That makes it use the chroot patch.

I don't know if chroot is used in any other ebuild. To be safe you might just want to add this to /etc/portage/package.use

```
net-misc/openssh +chroot
```

That way it's enabled for just openssh.

If you do emerge -pv openssh and see +chroot in the list of use flags at the end, you know it's enabled.

----------

## zer0spaz001

Just want to make sure I am doing this correctly

/etc/make.conf

use="+chroot"

----------

## Dolio

/etc/make.conf

USE="+chroot"

or USE="chroot"

USE must be capital.

You may want to add other use flags as well, like so:

USE="chroot gtk2 dvd"

For a (partial) list of use flags, check /usr/portage/profiles/use.desc (it doesn't have chroot, but that's only used in one ebuild that I know of).

----------

## zer0spaz001

thank you so much for the help

----------

## zer0spaz001

OK, this is an odd problem... sometimes I am able to connect using ssh and other times I am not? Within a matter of seconds after trying multiple times it will finally let me in. When I am unable to log in I receive the following message: server responded "Connection Closed"

----------

## zer0spaz001

Please someone help...

I have the jail environment setup, and working

I am able to chroot /jail/home/user /bin/sh

and everything that I have included works great

but when I try to ssh in, or sftp in I get a "connection reset by peer" error

the only programs I have included in bin is

cp

mkdir

rm

ls

mv

pwd

sh

bash

I did the ldd on all of the programs to make sure I had the correct libs in /jail/lib

and finally

usermod -d /jail/./home/user user

usermod -s /bin/sh

on the user

this is exceptionally frustrating. And I know I have the correct version of openssh with the chroot built in.....is there a setting somewhere in a config file I need to change?

I even tried emerging and running "jail" to set up my environment, but still received the same openssh error.

----------
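
The checks described in the post above (the `/./` home directory, the login shell, and the `ldd` library check), as an added example that is not part of the original thread. It assumes the chroot patch treats the part of the home directory before `/./` as the chroot directory; the function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and sample data are constructed.
# Assumption: the part of the home field before "/./" is the chroot directory.

# Print the chroot root, e.g. /jail/./home/user -> /jail.
# Returns 1 when the "/./" marker is missing.
jail_root() {
    case "$1" in
        */./*) printf '%s\n' "${1%%/./*}" ;;
        *)     return 1 ;;
    esac
}

# Print the home directory as seen from inside the jail (-> /home/user).
jail_home() {
    case "$1" in
        */./*) printf '/%s\n' "${1#*/./}" ;;
        *)     return 1 ;;
    esac
}

# Succeed only if the login shell is executable inside the jail.
# $1 = jail root, $2 = shell path from the passwd entry (e.g. /bin/sh)
shell_in_jail() {
    [ -x "$1$2" ]
}

# Read ldd output on stdin and print each resolved library path that has
# no copy under the jail root ($1).
# Usage: ldd /jail/bin/sh | missing_libs /jail
missing_libs() {
    while read -r name arrow path rest; do
        lib=
        case "$name" in /*) lib=$name ;; esac        # "/lib/ld-linux.so.2 (0x...)"
        if [ "$arrow" = "=>" ]; then
            case "$path" in /*) lib=$path ;; esac    # "libc.so.6 => /lib/libc.so.6 (0x...)"
        fi
        if [ -n "$lib" ] && [ ! -e "$1$lib" ]; then
            printf '%s\n' "$lib"
        fi
    done
    return 0
}

# Constructed ldd output for a dynamically linked shell.
SAMPLE_LDD='    libdl.so.2 => /lib/libdl.so.2 (0x40022000)
    libc.so.6 => /lib/libc.so.6 (0x40026000)
    /lib/ld-linux.so.2 (0x40000000)'
```

Any path printed by `missing_libs` is a library the binary needs that has no copy inside the jail.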

## vai0l0

I have the same problem:

emerge openssh with chroot in use

if I chroot in /home/chroot/ /bin/sh

everything is ok

but when I try to connect with ssh I got connection reset by peer

----------

## Trebiani

I had many problems with the chroot patch, ssh and connection reset by peer. That's why I wrote a small howto. Maybe it helps!

Howto create a ssh changeroot jail with "JAIL":

This document is just a short summary of:

http://www.jmcresearch.com/projects/jail/

**********

* Step 1 *

**********

install jail:

emerge -UD app-misc/jail

**********

* Step 2 *

**********

edit the user you want to put in jail

testuser:x:1005:443::/jail:/usr/bin/jail

/jail is the "root" of the changerooted jail

**********

* Step 3 *

**********

create the changeroot environment:

mkjailenv /jail

**********

* Step 4 *

**********

adding a user to the changeroot jail:

addjailuser /jail /home/testuser /bin/bash testuser

**********

* Step 5 *

**********

adding standard programs:

addjailsw /jail

**********

* Step 6 *

**********

adding bash, scp and ssh to the programs:

addjailsw /jail -P bash

addjailsw /jail -P ssh

addjailsw /jail -P scp

FINISHED!

be sure the ssh daemon is running!

Last edited by Trebiani on Wed Jul 07, 2004 12:04 pm; edited 1 time in total

----------

## vai0l0

I've abandoned the idea to chroot sshd itself

I've installed jail and followed the instructions

Works great, the only thing I had to add (maybe because I use Winscp as client)

addjailsw /jail -P groups

----------

