Linode Community Forums
Posted: Mon Mar 09, 2009 2:05 pm
Senior Member

Joined: Mon Jul 30, 2007 9:55 pm
Posts: 80
Using app-misc/jail on Gentoo to create a chroot'd environment. (http://www.jmcresearch.com/projects/jail/)

Works great, except for ssh public key auth. It looks in the wrong spot for authorized_keys b/c of non-chroot /etc/passwd.

e.g.

Code:
cat /etc/passwd | grep '^prisoner'
prisoner:x:1005:81::/var/chroot:/usr/bin/jail


When logging in using public key:

Code:
Mar  9 13:32:55 catch-22 sshd[27465]: debug1: trying public key file /var/chroot/.ssh/authorized_keys


Anyone have a work-around?


Posted: Mon Mar 09, 2009 2:13 pm
Senior Member

Joined: Tue Apr 13, 2004 6:54 pm
Posts: 833
sshd, by default, looks in $HOME/.ssh/authorized_keys for key access. Since the user's home is /var/chroot that's where it's looking.

If you have a recent(ish) ssh version (4.9 or newer, it seems), look at

http://www.zdnetasia.com/techguide/open ... 704,00.htm

_________________
Rgds
Stephen
(Linux user since kernel version 0.11)


Posted: Mon Mar 09, 2009 3:04 pm
Senior Member

Joined: Mon Jul 30, 2007 9:55 pm
Posts: 80
So the solution in that link looks the same, really. The only difference is that the author of that article assumes the chroot'd env. is the user's home dir.

i.e. when joe logs in he'll be in /chroot not /chroot/home/joe

I could do that, but I don't want a 1-to-1 between chroot'd env.'s and users. I want to have 1 chroot'd env. and several users.

sshd_config Match directive looks interesting. Wonder if there's a way to match group and tell sshd to look in a different spot for authorized_keys for that group.


Posted: Mon Mar 09, 2009 3:26 pm
Senior Member

Joined: Mon Jul 30, 2007 9:55 pm
Posts: 80
Looks like jailkit does what I want. Same functionality, but creates a more "correct" /etc/passwd that allows sshd to process normally.

See:

http://olivier.sessink.nl/jailkit/
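
Added example, not part of any post in this thread: a Python sketch of how sshd derives the key-file path from the passwd home field and an AuthorizedKeysFile pattern, run on the entry quoted above and on a jailkit-style entry. The `joe` entry, the `/./` home layout, the `jk_chrootsh` path and the `/etc/ssh/keys/%u` pattern are assumptions constructed for illustration.

```python
import posixpath

# Constructed sample. Line 1 is the passwd entry quoted in the thread.
# Line 2 is a hypothetical jailkit-style entry (assumed layout: jail root,
# "/./", then the home directory as seen inside the jail).
SAMPLE_PASSWD = """\
prisoner:x:1005:81::/var/chroot:/usr/bin/jail
joe:x:1006:81::/var/chroot/./home/joe:/usr/sbin/jk_chrootsh
"""

def parse_passwd(text):
    """Return {user: {"home": ..., "shell": ...}} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments and malformed lines
        users[fields[0]] = {"home": fields[5], "shell": fields[6]}
    return users

def expand_tokens(pattern, user, home):
    """Expand the %h, %u and %% tokens of an AuthorizedKeysFile pattern."""
    table = {"h": home, "u": user, "%": "%"}
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "%" and i + 1 < len(pattern):
            if pattern[i + 1] not in table:
                raise ValueError("unsupported token %" + pattern[i + 1])
            out.append(table[pattern[i + 1]])
            i += 2
        else:
            out.append(pattern[i])
            i += 1
    return "".join(out)

def key_file(pattern, user, home):
    """Path sshd would open; relative patterns are taken from the home dir."""
    path = expand_tokens(pattern, user, home)
    if not path.startswith("/"):
        path = home + "/" + path
    # normpath only collapses "/./" for display; the kernel resolves it the same.
    return posixpath.normpath(path)

if __name__ == "__main__":
    for name, entry in parse_passwd(SAMPLE_PASSWD).items():
        for pattern in (".ssh/authorized_keys", "/etc/ssh/keys/%u"):
            print(name, pattern, "->", key_file(pattern, name, entry["home"]))
```

With the home field set to the jail root, every jailed user resolves to the same key file; with a per-user home under the jail, or a pattern keyed on `%u`, each user gets a distinct one.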

