HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


ctroyp 19th January 2006 18:12

Chrooted SSH HowTo question???
 
This looks like the perfect "how to" for what I am needing to do. What a present Falko! Thanks!

Before using the "how to" I wanted to make sure that there would not be any conflicts with my current setup. I am set up with "The Perfect Setup--Debian Sarge" w/ISPConfig.

Do you know of any potential issues I may run into?

falko 19th January 2006 21:56

Make sure that you chroot your users to the right directory.

ctroyp 19th January 2006 21:58

Quote:

Originally Posted by falko
Make sure that you chroot your users to the right directory.

Sounds good. I think this is going to help me a lot...thanks!

ctroyp 28th January 2006 17:59

falko,
I want to create specific users to access the respective web files. I have a website that a couple users need to access via SSH (/home/www/web5). Using the Chrooted SSH howto, it stated that the users would be jailed in /home/chroot. I don't want to provide them access to any other directories other than /home/www/web5. I am a little confused how to do this. Can you give me a little more guidance?

Thanks for any help...still a growing Linux newbie. :rolleyes:

falko 29th January 2006 02:04

Instead of /home/chroot you can use /home/www.

ctroyp 11th February 2006 23:34

falko, disregard the email I sent you today on the error I was getting. I fixed that.

I now have the users jailed as needed. Nice howto by the way.

The only problem is that once the user logs in, they do go to the appropriate directory (/home/www/webx/web/), but while testing it, I was able to "cd /" and go to the /home/www/webx directory, and I want to keep them in a level no lower than the web directory.

I have the bin, dev, etc, lib, and usr directories stored in /home/www/webx.

Here is what the user looks like in both passwd files (main and chroot):
Code:

testuser:x:10020:100:testuser:/home/www/webx/./web:/bin/bash

Did I overlook something?

Also, I am not able to use WinSCP3 to login with the user. Have you tried using WinSCP with any success? I believe they have a bug within the application???

falko 12th February 2006 11:23

Quote:

Originally Posted by ctroyp
I have the bin, dev, etc, lib, and usr directories stored in /home/www/webx.

This means that /home/www/webx is the user's root directory. So by typing
Code:

cd /
he should go to /home/www/webx.

Quote:

Originally Posted by ctroyp
Also, I am not able to use WinSCP3 to login with the user. Have you tried using WinSCP with any success? I believe they have a bug within the application???

I'm not quite sure if I tested this, but I think so (maybe I should write a protocol about the things I do... :D ).
Did you try WinSCP in SCP or SFTP mode?
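
Added example, not part of the thread: a small shell audit that splits a passwd home field at the "/./" marker to show what a jailed user sees as "/" and where they land at login. It assumes the marker works as the posts above describe; the function names are hypothetical and the passwd lines are constructed from the entry quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the "/./" marker in the passwd
# home field works as the posts describe: the part before it is the jail
# root (what the user sees as "/"), the part after it is the login directory.

# jail_split HOME_FIELD -> prints "JAILROOT /DIR_INSIDE_JAIL"; returns 1 if no marker
jail_split() {
    case "$1" in
        */./*) ;;
        *) return 1 ;;
    esac
    root=${1%%/./*}     # text before the first "/./"
    inside=${1#*/./}    # text after the first "/./"
    printf '%s /%s\n' "${root:-/}" "$inside"
}

# missing_jail_dirs JAILROOT -> prints which of the directories listed in the
# thread (bin dev etc lib usr) do not exist under JAILROOT
missing_jail_dirs() {
    missing=
    for d in bin dev etc lib usr; do
        [ -d "$1/$d" ] || missing="$missing $d"
    done
    printf '%s\n' "${missing# }"
}

# audit_passwd -> reads passwd-format lines on stdin, reports jailed accounts
# (jail paths containing spaces are not handled in this sketch)
audit_passwd() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        split=$(jail_split "$home") || continue   # skip non-jailed accounts
        jail=${split%% *}
        printf '%s: "/" is %s, login dir inside jail is %s, missing: %s\n' \
            "$user" "$jail" "${split#* }" "$(missing_jail_dirs "$jail")"
    done
}

# Constructed sample: the thread's jailed entry plus an ordinary account.
audit_passwd <<'EOF'
testuser:x:10020:100:testuser:/home/www/webx/./web:/bin/bash
admin:x:1000:100:admin:/home/admin:/bin/bash
EOF
```

Everything under the reported jail root, including the copied bin, dev, etc, lib and usr directories, is reachable by the jailed user with "cd /".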

ctroyp 12th February 2006 23:50

Quote:

Originally Posted by falko
This means that /home/www/webx is the user's root directory. So by typing
Code:

cd /
he should go to /home/www/webx.

Okay, I just didn't want them to see those files...

Quote:

Originally Posted by falko
I'm not quite sure if I tested this, but I think so (maybe I should write a protocol about the things I do... :D ).
Did you try WinSCP in SCP or SFTP mode?

I tried each mode without success. I looked on their site and it seems there is an issue with openssh, but I need to look further. The strange thing is that I can login using WinSCP fine under root. Oh well, I'll figure it out soon enough. Thanks!

savkar 13th February 2006 14:25

SCP works with WinSCP3, not SFTP
 
Not sure why SFTP doesn't work. SCP does. I then try both protocols with a non-chroot user and both work.

Falko, is there any reason for this? Does the patch only patch ssh/scp protocols, but not otherwise help with SFTP?

Also, separately, would there be any way to set up SSH with the chroot functionality but with username/password support and quota support all via a mysql database? That is, basically permit virtual users?

I am curious because I'd love to integrate this in with the rest of the virtual user stuff for my postfix/virtual user setup.

I see you can do something like this using proftpd, but just would love to have the same functionality for ssh...

Sunil

falko 13th February 2006 18:06

I've never heard of virtual SSH users... I don't think this is possible...

