> On Tue, Jun 18, 2024 at 4:14 PM 4 <ba...@yandex.ru> wrote:
>> i'm sorry, i'm not smart, but i have a several questions. imagine that we
>> launch a ship far into space. we have only one communication channel with
>> this ship, and one day, when the ship is already very far away from us,
>> communication channel stops working [...]
> You did something wrong. It's pretty apparent from the tone of your message
> you don't want help identifying what it was or how to fix it, but for the
> benefit of others who find this thread in the future, read the sshd_config
> man page to find out how to use the ChrootDirectory option correctly.

i'm not talking about how to properly use chroot, but about the fact that sshd refuses to launch because /var/empty has "too many rights". if the rights were not enough, then the refusal to launch could be understood, but when sshd starves to death due to the fact that the folder is not kosher enough for him, then this is already an unhealthy religion. some other unimportant service can afford this behavior, but a critical service for remote access should not be so principled.

then why not refuse to initialize interfaces because of "too many rights" to hostname.*? sshd could limit its rights on its own - it would be the same fascism as in the case of hostname.*, but not fatal. it would be more reasonable to start and write in syslog that "i started, but do not agree with such freedom!! put me in a cage!!!1", and the user himself would decide what to do with it, as in the case of deleting ports, he decides whether to delete the remaining unnecessary tails in the form of accounts, configs and other things.

in general, i installed dropbear because openssh cannot be trusted to work remotely :D
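
Added example, not part of the original message and not OpenSSH code: sshd requires its privilege separation directory (/var/empty in this thread) to be a directory owned by root with no group or world write bit, and exits at startup otherwise. The pre-flight check below can be run before closing the only session to a remote host; the function name, return codes and the optional uid argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not OpenSSH code. sshd refuses to start unless its privilege
# separation directory is owned by uid 0 and has no group/world write bit.
# check_privsep_dir DIR [UID]
#   return 0: acceptable   1: missing or not a directory
#          2: wrong owner  3: group- or world-writable
check_privsep_dir() {
    dir=$1
    # sshd wants uid 0; overridable only so the check can be tested unprivileged.
    want_uid=${2:-0}

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or not a directory" >&2
        return 1
    fi

    # ls -ldn: the directory entry itself, with a numeric owner.
    info=$(ls -ldn -- "$dir" | awk 'NR == 1 { print $1, $3 }')
    mode=${info% *}
    uid=${info#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $uid, expected $want_uid" >&2
        return 2
    fi

    # Character 6 of the mode string is group write, character 9 is other write.
    case $mode in
        ?????w*|????????w*)
            echo "FAIL: $dir is group- or world-writable ($mode)" >&2
            return 3 ;;
    esac

    echo "OK: $dir ($mode, uid $uid)"
    return 0
}

# Typical use before logging out of a remote host:
#   check_privsep_dir /var/empty || echo "fix: chown root /var/empty && chmod go-w /var/empty"
```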