# weird sftp problem

## ats2

Hi,

To make a long story short, here's how it goes :

I have created a chroot environement for a user 'webmaster' in my server. I have generated a ssh key and am able to connect via ssh or sftp with this key to the user account when user shell is /bin/bash. Now, I would like to restrict the access to sftp, so I changed /etc/passwd line from

webmaster

```
webmaster:x:1001:100::/home/webmaster/./home/webmaster/:/bin/bash

```

to

```
webmaster:x:1001:100::/home/webmaster/./home/webmaster/:/usr/bin/rssh

```

And in rssh.conf, I uncommented the desired lines :

```

allowscp

allowsftp

#allowcvs

#allowrdist

#allowrsync
```

Well, what was working previously doesn't any longer. And I can't figure out why...

Here's sftp -vvvv output (beginning truncated) :

```

Enter passphrase for key 'id_dsa':

debug1: read PEM private key done: type DSA

debug1: Authentication succeeded (publickey).

debug2: fd 4 setting O_NONBLOCK

debug3: fd 5 is O_NONBLOCK

debug1: channel 0: new [client-session]

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug1: Entering interactive session.

debug2: callback start

debug2: client_session2_setup: id 0

debug1: Sending subsystem: sftp

debug2: channel 0: request subsystem confirm 1

debug2: callback done

debug2: channel 0: open confirm rwindow 0 rmax 32768

debug2: channel 0: rcvd adjust 131072

debug1: client_input_channel_req: channel 0 rtype exit-status reply 0

debug2: channel 0: rcvd eof

debug2: channel 0: output open -> drain

debug2: channel 0: obuf empty

debug2: channel 0: close_write

debug2: channel 0: output drain -> closed

debug2: channel 0: rcvd close

debug2: channel 0: close_read

debug2: channel 0: input open -> closed

debug3: channel 0: will not send data after close

debug2: channel 0: almost dead

debug2: channel 0: gc: notify user

debug2: channel 0: gc: user detached

debug2: channel 0: send close

debug2: channel 0: is dead

debug2: channel 0: garbage collecting

debug1: channel 0: free: client-session, nchannels 1

debug3: channel 0: status: The following connections are open:

  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)

debug3: channel 0: close_fds r -1 w -1 e 6 c -1

debug1: fd 0 clearing O_NONBLOCK

debug3: fd 1 is not O_NONBLOCK

debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds

debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0

debug1: Exit status 1

Connection closed

```

The password is accepted but the connection is closed as soon as it is opened.

Do you understand why from these lines ?

I do not   :Sad:   :Sad: 

----------

## alex-weej

Hey

When a connection is closed like that, it usually means that the shell either failed to run or exited straight away. Check how /usr/bin/rssh executes from inside bash as your webmaster user.

----------

## ats2

Well, I logged in with ssh (having restored my user shell to /bin/bash) and ran /usr/bin/rssh -v

It worked and gave that output, which seems correct to me.

```

rssh 2.3.0

Copyright 2002-5 Derek D. Martin <rssh-discuss at lists dot sourceforge dot net>

    rssh config file = /etc/rssh.conf

  chroot helper path = /usr/lib/misc/rssh_chroot_helper

     scp binary path = /usr/bin/scp

  sftp server binary = /usr/lib/misc/sftp-server

     cvs binary path = /usr/bin/cvs

   rdist binary path = /usr/bin/rdist

   rsync binary path = /usr/bin/rsync

```

What could cause the shell to fail or exit instantly like that ?

----------

## alex-weej

Try running it without -v and see what happens.

----------

## ats2

 *alex-weej wrote:*   

> Try running it without -v and see what happens.

 

Here's the output of '/usr/bin.rssh'

```

This account is restricted by rssh.

Allowed commands: scp sftp

If you believe this is in error, please contact your system administrator.

```

----------

## ats2

well, no other idea anyone ?

----------

## Janne Pikkarainen

So far we have seen the client's side of this story. How about the server logs? Have you checked out if rssh tells there what's going wrong?

----------

## alex-weej

To be totally honest with you, I don't have a clue how rssh works. I assume it's a restricted shell that provides only a few services like sftp, scp, rsync, etc.

But what you're describing to us sounds like the shell is exiting prematurely and I'd guess that is the problem. I can't offer a better explanation than that, sorry.

I'm sure someone with more of a clue will be along soon!

----------

## ats2

 *Janne Pikkarainen wrote:*   

> So far we have seen the client's side of this story. How about the server logs? Have you checked out if rssh tells there what's going wrong?

 

Sorry for the delay : I was googling and trying different methods for setting up my chroot jail. However, the jail works with the 'chroot' option commented out in /etc/rsshd.conf, but not with it enabled.

So I ran /usr/sbin/sshd -ddd and here's the output

```

 debug2: load_server_config: filename /etc/ssh/sshd_config

debug2: load_server_config: done config len = 254

debug2: parse_server_config: config /etc/ssh/sshd_config len 254

debug1: sshd version OpenSSH_4.3p2

debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.

debug1: read PEM private key done: type RSA

debug1: private host key: #0 type 1 RSA

debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.

debug1: read PEM private key done: type DSA

debug1: private host key: #1 type 2 DSA

debug1: rexec_argv[0]='/usr/sbin/sshd'

debug1: rexec_argv[1]='-d'

debug1: rexec_argv[2]='-d'

debug1: rexec_argv[3]='-d'

debug2: fd 3 setting O_NONBLOCK

debug1: Bind to port 22 on 0.0.0.0.

Server listening on 0.0.0.0 port 22.

socket: Address family not supported by protocol

debug3: fd 4 is not O_NONBLOCK

debug1: Server will not fork when running in debugging mode.

debug3: send_rexec_state: entering fd = 7 config len 254

debug3: ssh_msg_send: type 0

debug3: send_rexec_state: done

debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7

debug1: inetd sockets after dupping: 3, 3

Connection from 127.0.0.1 port 36028

debug1: Client protocol version 2.0; client software version OpenSSH_4.3

debug1: match: OpenSSH_4.3 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.3

debug2: fd 3 setting O_NONBLOCK

debug3: privsep user:group 22:22

debug1: permanently_set_uid: 22/22

debug1: list_hostkey_types: ssh-rsa,ssh-dss

debug1: SSH2_MSG_KEXINIT sent

debug2: Network child is on pid 12606

debug3: preauth child monitor started

debug3: mm_request_receive entering

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit: none,zlib@openssh.com

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: mac_init: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug2: mac_init: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received

debug3: mm_request_send entering: type 0

debug3: monitor_read: checking request 0

debug3: mm_answer_moduli: got parameters: 1024 1024 8192

debug3: mm_request_send entering: type 1

debug2: monitor_read: 0 used once, disabling now

debug3: mm_request_receive entering

debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI

debug3: mm_request_receive_expect entering: type 1

debug3: mm_request_receive entering

debug3: mm_choose_dh: remaining 0

debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent

debug2: dh_gen_key: priv key bits set: 136/256

debug2: bits set: 515/1024

debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT

debug2: bits set: 521/1024

debug3: mm_key_sign entering

debug3: mm_request_send entering: type 5

debug3: monitor_read: checking request 5

debug3: mm_answer_sign

debug3: mm_answer_sign: signature 0x80a06f8(143)

debug3: mm_request_send entering: type 6

debug2: monitor_read: 5 used once, disabling now

debug3: mm_request_receive entering

debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN

debug3: mm_request_receive_expect entering: type 6

debug3: mm_request_receive entering

debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: SSH2_MSG_NEWKEYS received

debug1: KEX done

debug1: userauth-request for user rsshuser service ssh-connection method none

debug1: attempt 0 failures 0

debug3: mm_getpwnamallow entering

debug3: mm_request_send entering: type 7

debug3: monitor_read: checking request 7

debug3: mm_answer_pwnamallow

debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1

debug3: mm_request_send entering: type 8

debug2: monitor_read: 7 used once, disabling now

debug3: mm_request_receive entering

debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM

debug3: mm_request_receive_expect entering: type 8

debug3: mm_request_receive entering

debug2: input_userauth_request: setting up authctxt for rsshuser

debug3: mm_start_pam entering

debug3: mm_request_send entering: type 46

debug3: monitor_read: checking request 46

debug1: PAM: initializing for "rsshuser"

debug3: Trying to reverse map address 127.0.0.1.

debug1: PAM: setting PAM_RHOST to "localhost"

debug1: PAM: setting PAM_TTY to "ssh"

debug2: monitor_read: 46 used once, disabling now

debug3: mm_request_receive entering

debug3: mm_inform_authserv entering

debug3: mm_request_send entering: type 3

debug3: mm_inform_authrole entering

debug3: mm_request_send entering: type 4

debug2: input_userauth_request: try method none

Failed none for rsshuser from 127.0.0.1 port 36028 ssh2

debug3: monitor_read: checking request 3

debug3: mm_answer_authserv: service=ssh-connection, style=

debug2: monitor_read: 3 used once, disabling now

debug3: mm_request_receive entering

debug3: monitor_read: checking request 4

debug3: mm_answer_authrole: role=

debug2: monitor_read: 4 used once, disabling now

debug3: mm_request_receive entering

debug1: userauth-request for user rsshuser service ssh-connection method publickey

debug1: attempt 1 failures 1

debug2: input_userauth_request: try method publickey

debug1: test whether pkalg/pkblob are acceptable

debug3: mm_key_allowed entering

debug3: mm_request_send entering: type 21

debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED

debug3: mm_request_receive_expect entering: type 22

debug3: mm_request_receive entering

debug3: monitor_read: checking request 21

debug3: mm_answer_keyallowed entering

debug3: mm_answer_keyallowed: key_from_blob: 0x80a16d8

debug1: temporarily_use_uid: 1004/100 (e=0/0)

debug1: trying public key file /home/chroot/rsshuser/.ssh/authorized_keys

debug3: secure_filename: checking '/home/chroot/rsshuser/.ssh'

debug3: secure_filename: checking '/home/chroot/rsshuser'

debug3: secure_filename: terminating check at '/home/chroot/rsshuser'

debug1: matching key found: file /home/chroot/rsshuser/.ssh/authorized_keys, line 1

Found matching DSA key: 34:f3:0f:76:78:04:86:5f:b6:17:c7:6e:ef:f9:cd:23

debug1: restore_uid: 0/0

debug3: mm_answer_keyallowed: key 0x80a16d8 is allowed

debug3: mm_request_send entering: type 22

debug3: mm_request_receive entering

debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss

Postponed publickey for rsshuser from 127.0.0.1 port 36028 ssh2

debug1: userauth-request for user rsshuser service ssh-connection method publickey

debug1: attempt 2 failures 1

debug2: input_userauth_request: try method publickey

debug3: mm_key_allowed entering

debug3: mm_request_send entering: type 21

debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED

debug3: mm_request_receive_expect entering: type 22

debug3: mm_request_receive entering

debug3: monitor_read: checking request 21

debug3: mm_answer_keyallowed entering

debug3: mm_answer_keyallowed: key_from_blob: 0x80a1730

debug1: temporarily_use_uid: 1004/100 (e=0/0)

debug1: trying public key file /home/chroot/rsshuser/.ssh/authorized_keys

debug3: secure_filename: checking '/home/chroot/rsshuser/.ssh'

debug3: secure_filename: checking '/home/chroot/rsshuser'

debug3: secure_filename: terminating check at '/home/chroot/rsshuser'

debug1: matching key found: file /home/chroot/rsshuser/.ssh/authorized_keys, line 1

Found matching DSA key: 34:f3:0f:76:78:04:86:5f:b6:17:c7:6e:ef:f9:cd:23

debug1: restore_uid: 0/0

debug3: mm_answer_keyallowed: key 0x80a1730 is allowed

debug3: mm_request_send entering: type 22

debug3: mm_request_receive entering

debug3: mm_key_verify entering

debug3: mm_request_send entering: type 23

debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY

debug3: mm_request_receive_expect entering: type 24

debug3: mm_request_receive entering

debug3: monitor_read: checking request 23

debug1: ssh_dss_verify: signature correct

debug3: mm_answer_keyverify: key 0x80a17f8 signature verified

debug3: mm_request_send entering: type 24

debug3: mm_request_receive_expect entering: type 47

debug3: mm_request_receive entering

debug2: userauth_pubkey: authenticated 1 pkalg ssh-dss

debug3: mm_do_pam_account entering

debug3: mm_request_send entering: type 47

debug3: mm_request_receive_expect entering: type 48

debug3: mm_request_receive entering

debug1: do_pam_account: called

debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)

debug3: mm_request_send entering: type 48

Accepted publickey for rsshuser from 127.0.0.1 port 36028 ssh2

debug1: monitor_child_preauth: rsshuser has been authenticated by privileged process

debug3: mm_get_keystate: Waiting for new keys

debug3: mm_request_receive_expect entering: type 25

debug3: mm_request_receive entering

debug3: mm_do_pam_account returning 1

Accepted publickey for rsshuser from 127.0.0.1 port 36028 ssh2

debug3: mm_send_keystate: Sending new keys: 0x80a0a68 0x80a0940

debug3: mm_newkeys_to_blob: converting 0x80a0a68

debug3: mm_newkeys_to_blob: converting 0x80a0940

debug3: mm_send_keystate: New keys have been sent

debug3: mm_send_keystate: Sending compression state

debug3: mm_request_send entering: type 25

debug3: mm_send_keystate: Finished sending state

debug3: mm_newkeys_from_blob: 0x80a3b08(118)

debug2: mac_init: found hmac-md5

debug3: mm_get_keystate: Waiting for second key

debug3: mm_newkeys_from_blob: 0x80a3b08(118)

debug2: mac_init: found hmac-md5

debug3: mm_get_keystate: Getting compression state

debug3: mm_get_keystate: Getting Network I/O buffers

debug3: mm_share_sync: Share sync

debug3: mm_share_sync: Share sync end

debug3: PAM: opening session

debug1: PAM: reinitializing credentials

debug1: permanently_set_uid: 1004/100

debug2: set_newkeys: mode 0

debug2: set_newkeys: mode 1

debug1: Entering interactive session for SSH2.

debug2: fd 5 setting O_NONBLOCK

debug2: fd 6 setting O_NONBLOCK

debug1: server_init_dispatch_20

debug2: User child is on pid 12607

debug3: mm_request_receive entering

debug1: server_input_channel_open: ctype session rchan 0 win 131072 max 32768

debug1: input_session_request

debug1: channel 0: new [server-session]

debug1: session_new: init

debug1: session_new: session 0

debug1: session_open: channel 0

debug1: session_open: session 0: link with channel 0

debug1: server_input_channel_open: confirm session

debug1: server_input_channel_req: channel 0 request subsystem reply 1

debug1: session_by_channel: session 0 channel 0

debug1: session_input_channel_req: session 0 req subsystem

subsystem request for sftp

debug1: subsystem: exec() /usr/lib/misc/sftp-server

debug2: fd 8 setting O_NONBLOCK

debug3: fd 8 is O_NONBLOCK

debug2: channel 0: read<=0 rfd 8 len -1

debug2: channel 0: read failed

debug2: channel 0: close_read

debug2: channel 0: input open -> drain

debug2: channel 0: ibuf empty

debug2: channel 0: send eof

debug2: channel 0: input drain -> closed

debug1: Received SIGCHLD.

debug1: session_by_pid: pid 12608

debug1: session_exit_message: session 0 channel 0 pid 12608

debug2: channel 0: request exit-status confirm 0

debug1: session_exit_message: release channel 0

debug2: channel 0: write failed

debug2: channel 0: close_write

debug2: channel 0: output open -> closed

debug2: channel 0: send close

debug3: channel 0: will not send data after close

debug2: notify_done: reading

debug3: channel 0: will not send data after close

debug2: channel 0: rcvd close

debug3: channel 0: will not send data after close

debug2: channel 0: is dead

debug2: channel 0: gc: notify user

debug1: session_by_channel: session 0 channel 0

debug1: session_close_by_channel: channel 0 child 0

debug1: session_close: session 0 pid 0

debug2: channel 0: gc: user detached

debug2: channel 0: is dead

debug2: channel 0: garbage collecting

debug1: channel 0: free: server-session, nchannels 1

debug3: channel 0: status: The following connections are open:

  #0 server-session (t4 r0 i3/0 o3/0 fd 8/8 cfd -1)

debug3: channel 0: close_fds r 8 w 8 e -1 c -1

Connection closed by 127.0.0.1

debug1: do_cleanup

debug1: PAM: cleanup

debug3: PAM: sshpam_thread_cleanup entering

Closing connection to 127.0.0.1

debug1: PAM: cleanup

debug3: mm_request_send entering: type 59

debug3: monitor_read: checking request 59

debug3: mm_answer_term: tearing down sessions

 
```

As before, it accepts the publickey, but something's going wrong after that and I can't spot what.   :Sad: 

Here's /var/log/messages output :

```

May 19 01:46:16 <mymachine> rssh[12608]: setting log facility to LOG_USER

May 19 01:46:16 <mymachine> rssh[12608]: allowing scp to all users

May 19 01:46:16 <mymachine> rssh[12608]: allowing sftp to all users

May 19 01:46:16 <mymachine> rssh[12608]: setting umask to 022

May 19 01:46:16 <mymachine> rssh[12608]: chrooting all users to /home/chroot

May 19 01:46:16 <mymachine> rssh[12608]: chroot cmd line: /usr/lib/misc/rssh_chroot_h elper 2 "/usr/lib/misc/sftp-server"

May 19 01:46:16 <mymachine> sshd(pam_unix)[12607]: session closed for user rsshuser

```

----------

## Janne Pikkarainen

```
May 19 01:46:16 <mymachine> rssh[12608]: setting log facility to LOG_USER
```

I wonder if it would be possible to set log facility to LOG_DEBUG, thus giving us a lot more verbose output. I do not understand this problem either, unless your test user has some obscure .bashrc/.bash_profile/some other login script specified and rssh would try to run it for some reason. At least traditional sftp can get disturbed because of those and even though I don't believe rssh should do it, everything's possible...

----------

## Julz

```
debug1: session_input_channel_req: session 0 req subsystem

subsystem request for sftp

debug1: subsystem: exec() /usr/lib/misc/sftp-server

debug2: fd 8 setting O_NONBLOCK

debug3: fd 8 is O_NONBLOCK

debug2: channel 0: read<=0 rfd 8 len -1

debug2: channel 0: read failed

debug2: channel 0: close_read

debug2: channel 0: input open -> drain

debug2: channel 0: ibuf empty

debug2: channel 0: send eof

debug2: channel 0: input drain -> closed

debug1: Received SIGCHLD.
```

That looks like it's sftp that dies prematurely. Maybe you chroot in some directory with bad permissions ?

----------

## troymc

You mentioned that you've setup your chroot environment - are you sure that you have included all the necessary libraries?

ie. to allow SCP you'll need these libraries in the chroot:

```

# ldd /usr/bin/scp 

       libutil.so.1 => /lib/libutil.so.1 (0x4001c000) 

       libz.so.1 => /usr/lib/libz.so.1 (0x4001f000) 

       libnsl.so.1 => /lib/libnsl.so.1 (0x4002d000) 

       libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x40042000) 

       libc.so.6 => /lib/libc.so.6 (0x40106000) 

       libdl.so.2 => /lib/libdl.so.2 (0x40235000) 

       /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

```

You should check rssh & sftp-server to make sure you have all their required libraries as well.

troymc

----------

## ats2

I think it is correct :

#ldd /usr/bin/scp

```
 linux-gate.so.1 =>  (0xffffe000)

        libresolv.so.2 => /lib/libresolv.so.2 (0xb7fb9000)

        libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0xb7ebb000)

        libutil.so.1 => /lib/libutil.so.1 (0xb7eb7000)

        libz.so.1 => /lib/libz.so.1 (0xb7ea6000)

        libnsl.so.1 => /lib/libnsl.so.1 (0xb7e91000)

        libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7e64000)

        libc.so.6 => /lib/tls/libc.so.6 (0xb7d4e000)

        libdl.so.2 => /lib/libdl.so.2 (0xb7d4a000)

        /lib/ld-linux.so.2 (0xb7fe3000)

```

Same librairies for rssh_chroot_helper,  sftp-server (in /usr/lib/misc )

#tree /home/chroot

```

/home/chroot

|-- etc

|   `-- passwd

|-- lib

|   |-- ld-linux.so.2

|   |-- libcrypt.so.1

|   |-- libdl.so.2

|   |-- libnsl.so.1

|   |-- libresolv.so.2

|   |-- libutil.so.1

|   |-- libz.so.1

|   `-- tls

|       `-- libc.so.6

|-- rsshuser

`-- usr

    |-- bin

    |   |-- rssh

    |   `-- scp

    |-- lib

    |   |-- libcrypto.so.0.9.7

    |   `-- misc

    |       |-- rssh_chroot_helper

    |       `-- sftp-server

    `-- libexec

```

----------

## Julz

Have you checked that your /home partition is not mounted with the noexec option ? (Unlikely but it happened to me recently).

----------

## ats2

Well, no. Seems okay : ext3 + noatime

----------

## qcaze

Hi, found this:

 *Quote:*   

> 
> 
> mkdir /your/chroot/dir/dev
> 
> mknod -m 666 /your/chroot/dir/dev/null c 1 3
> ...

 

https://forums.gentoo.org/viewtopic-p-3345440.html#3345440

----------

