ran into this today. i'm pretty sure it's bubbling up from libssh2 as i tried the same with py-ssh2, also libssh2 based, with the same results. paramiko, on the other hand, works fine.
extern crate ssh2;
use ssh2::Session;
use std::path::Path;
use std::io::prelude::*;
use std::net::TcpStream;
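/// Minimal reproduction: list one directory over SFTP after password authentication.
///
/// Every setup step unwraps on purpose, so a failed connection, handshake or
/// authentication aborts the run at once. Only the `readdir` result is printed as-is.
fn main() {
    let tcp = TcpStream::connect("chrooted.example.com:22").unwrap();
    let mut sess = Session::new().unwrap();
    sess.handshake(&tcp).unwrap();

    // NOTE(review): the server's host key is never checked before the password is sent.
    // Acceptable for a throwaway reproduction against your own host; anything longer-lived
    // should compare `sess.host_key_hash(..)` with a pinned fingerprint before authenticating.

    // make it your own, try either
    sess.userauth_password("CHROOTED_UNAME", "CHROOTED_PASSWD").unwrap();
    // or
    // sess.userauth_password("ADMIN_UNAME","ADMIN_PASSWD").unwrap();

    let sftp = sess.sftp().unwrap();

    // The path is resolved by the server. With `ChrootDirectory /home/%u` the chrooted
    // account sees its chroot root as "/", so a path that exists for the admin account
    // may not exist for it. NOTE(review): if the reported `code: 2` is the raw SFTP
    // status, that is SSH_FX_NO_SUCH_FILE, which would fit this explanation (confirm).
    let sftp_path = Path::new("/CHROOTED_DIR");

    // Print the Result itself rather than unwrapping it: the output quoted on this page
    // shows `Ok([...])` / `Err(Error { .. })`, which an unwrap here would never print
    // (the failing case would panic instead).
    println!("sftp readdir: {:?}", sftp.readdir(sftp_path));
}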
output:
for the admin group user, all is well:
sftp readdir: Ok([("CHROOTED_DIR", FileStat { size: Some(4096), uid: Some(1006), gid: Some(1002), perm: Some(16877), atime: Some(1518559915), mtime: Some(1518427948) }), ])
for the sftponly (chroot) group user, however:
xxxxx2:~/ru-ssh2/sftp-test$ cargo run
Compiling sftp-test v0.1.0 (file:///xxxxxx/ru-ssh2/sftp-test)
Finished dev [unoptimized + debuginfo] target(s) in 0.80 secs
Running `target/debug/sftp-test`
sftp path: "CHROOTED_DIR"
sftp readdir: Err(Error { code: 2, msg: "unknown error" })
standard chroot setup on Ubuntu 16.04 LTS accessed tens of thousands of times/day via paramiko:
# Everything below applies only to members of the sftponly group.
Match group sftponly
# Confine the session to the user's home directory (%u expands to the user name).
# After login the client sees this directory as "/", so client-side paths are
# relative to it. sshd requires every component of the path to be root-owned and
# not writable by any other user or group.
ChrootDirectory /home/%u
# No X11 or TCP forwarding for these accounts.
X11Forwarding no
AllowTcpForwarding no
# Always run the in-process SFTP server, whatever the client requests: the account
# gets no shell, and the chroot needs no helper binaries.
ForceCommand internal-sftp
py-ssh2/libssh2 code with identical connection pattern and nondescript error:
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import socket
from ssh2.session import Session
# Placeholders: substitute the directory, the two accounts and the host under test.
CHROOT_DIR = 'CHROOT_DIR'
CHROOT_UNAME = 'CHROOT_UNAME'
CHROOT_PASSWD = 'CHROOT_PASSWD'
ADMIN_UNAME = 'ADMIN_UNAME'
ADMIN_PASSWD = 'ADMIN_PASSWD'
host = 'CHROOTED_HOST'

# Plain TCP connection to the SSH port, handed to libssh2 for the handshake.
endpoint = (host, 22)
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
conn.connect(endpoint)
session = Session()
session.handshake(conn)
# NOTE(review): the server's host key is not verified before the password is sent.
# Fine for a throwaway reproduction against your own host; compare the key
# fingerprint with a pinned value in anything longer-lived.

# Authenticate as exactly one of the two accounts.
session.userauth_password(ADMIN_UNAME, ADMIN_PASSWD)
# or
# session.userauth_password(CHROOT_UNAME, CHROOT_PASSWD)

sftp = session.sftp_init()
# The traceback quoted for the chrooted account (AttributeError: __enter__) comes
# from this `with` line: opendir handed back an object that is not a context
# manager instead of raising. NOTE(review): presumably that object is its failure
# value, which means the underlying SFTP status is never shown (confirm).
with sftp.opendir(CHROOT_DIR) as fd:
    for size, buf, attrs in fd.readdir():
        print(f'{size},{buf},{attrs}')
output:
admin group user:
1,b'.',
2,b'..',
11,b'CHROOTED_DIR',
chrooted user:
Traceback (most recent call last):
File "py_ssh2_test.py", line 22, in <module>
with sftp.opendir(CHROOT_DIR) as fd:
AttributeError: __enter__