This allows using openssh's sftp-server in chroot mode without sshd or modifying their source-code.

Why?

When doing reverse-sshfs using ncat and ssh port forwarding you have to trust the server to not hijack your sshfs call to gain access to your whole system. This prevents that by limiting sftp-server's access using kernel functionality.

How does it work?

sshd includes the same code as sftp-server in their binary but neither provides the sftp-functionality as a library.

Both call the function sftp_server_main passing the current user's struct passwd as an argument. sshd does the chroot before calling that function. You could also do the chroot before starting sftp-server but that would require making all the dependencies (linker, shared library, /dev/null) available in there.

So instead, I wrote a small preload library which uses sftp-server's initial getpwuid call to do the chroot and return a struct passwd for the user that you initially inteded to run the server at(chroot needs root permissions).

How to run

The specifics differ depending on your setup but the minimum you have to do is set some environment variables:

• export LD_PRELOAD="/path/to/libsftp_server_chroot_preload.so"
• export SFTP_CHROOT_DIR="/path/to/shared/directory"
• export SFTP_UID="DESIRED_UID"

After chrooting, the process drops it's user and group privileges to that of the user with the UID DESIRED_UID.