
Thread: Breaking SFTP Jail

  1. #1

    Breaking SFTP Jail

    Is there any way that I can reset the SFTP jail to start at the root of the entire filesystem? Right now it seems to be jailed to the user home folder. The reason for this is that I want to map the router filesystem to a drive letter on my home PC.

    If possible I would like to not change the root user home folder.

  2. #2
    Aren't you better off with 'samba'?
    ftp and driveletters??

  3. #3
    No, because samba uses too many resources for the tasks I have the router doing. An sftp server uses much less than samba does and therefore fits the minimalist setup that I have going. I currently have ftp service enabled for internal use only. It uses less memory than samba and provides access to the entire 3rd partition on my external drive. This is partially what I want. At least now I can pull down my torrents and stuff. If I can open up sftp to at least my entire 3rd partition then I will be able to do it externally as well.

    P.S. - My current ssh setup is very secure and sftp is running.

  4. #4
    You're absolutely right, I'm also using vsftpd and FtpDrive to map the drive, for the same reasons. Externally I'm using scp.

    But busybox doesn't have sftp, only scp. What are you using, OpenSSH?
    I'm asking you this, because you need to modify in sftp server's config file something like this: secure_chroot_dir=/tmp/mnt/disc0_3

    Another answer is to create (and use for sftp) a user with /tmp/mnt/disc0_3 as home dir.

  5. #5
    Originally posted by Serpent:
    You're absolutely right, I'm also using vsftpd and FtpDrive to map the drive, for the same reasons. Externally I'm using scp.

    But busybox doesn't have sftp, only scp. What are you using, OpenSSH?
    I'm asking you this, because you need to modify in sftp server's config file something like this: secure_chroot_dir=/tmp/mnt/disc0_3

    Another answer is to create (and use for sftp) a user with /tmp/mnt/disc0_3 as home dir.

    Well I installed openssh-sftp-server so it may be possible to create a blank openssh conf file and apply the appropriate settings to change that behavior. I'll have to give it a try when I get a chance. Noting that the sftp server I am using is part of openssh but I still use dropbear to run it.

    EDIT: Ok. I opted to create a new user that is sftp only. I set the shell to /bin/false (deny ssh login) and set the home folder to /tmp/mnt/disc0_3/. I tested it and it worked. However I had to create a new /etc/shells and list the valid shells into it. I'll check it further because right now I can't exactly confirm that sftp is working as expected but scponly will likely be the official shell now that I have a /etc/shells file to work with.

    EDIT: Whoops. Sftp doesn't work with /bin/false as the shell. You will need to use /opt/libexec/sftp-server as the shell. The gotcha now was that it does do the entire root filesystem if you change to the root folder. It seems that my program that does the mounting doesn't let me go below the home folder (was not an issue before), however I found that you could if you used a command line sftp program. This would not allow you to upload but it does allow you to download from outside the home folder. I'll try using scponly, however I already found that it doesn't work with dropbear, so maybe I'll even give rssh a go.

    EDIT: So far rssh doesn't compile due to the lack of a wordexp() implementation. I'm going to try to snag one from a bsd or linux distro that is compatible with our setup.
    EDIT (a few minutes later)...: I took a look again at http://recycle.lbl.gov/~ldoolitt/wordexp.h and it appears to be compatible. It is the GNU C version of wordexp.h that only relies on features.h being present. I hope it links fine. I'm already testing a binary now.
    Last edited by shinji257; 15-06-2008 at 13:43.
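The behaviour reported in post #5, turned into an account audit (an added example, not code from any poster in this thread): it classifies each passwd entry by login shell and flags shells missing from the shells file. The function names, the accounts `sftpuser` and `locked`, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Classifies accounts using the findings reported in post #5:
#   shell = .../sftp-server -> sftp works, but the session is not jailed to $HOME
#   shell = .../false       -> no shell login and no sftp
# Usage: audit_sftp_accounts PASSWD_FILE SHELLS_FILE
audit_sftp_accounts() {
    passwd_file=$1
    shells_file=$2
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        [ -n "$user" ] || continue
        case $user in \#*) continue ;; esac
        # An empty shell field means the system default, /bin/sh.
        [ -n "$shell" ] || shell=/bin/sh
        # Exact, whole-line match against the list of valid shells.
        if grep -qxF -- "$shell" "$shells_file" 2>/dev/null; then
            listed=listed
        else
            listed=unlisted
        fi
        case $shell in
            */sftp-server) verdict="sftp-only, NOT jailed to $home" ;;
            */false)       verdict="no shell, no sftp" ;;
            *)             verdict="full shell" ;;
        esac
        printf '%s\t%s\t%s\t%s\n' "$user" "$shell" "$listed" "$verdict"
    done < "$passwd_file"
}

# Runs the audit over constructed sample data (hypothetical accounts).
demo_audit() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
sftpuser:x:1000:1000::/tmp/mnt/disc0_3:/opt/libexec/sftp-server
locked:x:1001:1001::/tmp/mnt/disc0_3:/bin/false
EOF
    # Constructed shells file that omits the sftp-server path on purpose.
    printf '%s\n' /bin/sh /bin/false > "$tmp/shells"
    audit_sftp_accounts "$tmp/passwd" "$tmp/shells"
    rm -rf "$tmp"
}

demo_audit
```

For an account flagged as not jailed, the only boundary on what it can download is ordinary file permissions on the rest of the filesystem.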
