chrooted ssh environments for ispconfig users
(ispconfig 2.2.35, ubuntu 9.10)
With openssh 4.9.x/5.x, the logic to build chrooted ssh users is just built in. Because of the new
logic, the magic separator "/./" within the users homedir assignment in passwd is no longer needed, but is
now in trouble. See http://www.howtoforge.com/forums/showthread.php?t=32459 for the basics.
To consider the history and also the new logic, a solution for ispconfig seems easy to adapt:
One strategic parameter is in /root/ispconfig/scripts/lib/config.inc.php, where
script /root/ispconfig/scripts/shell/create_chroot_env.sh is scheduled to build the users chrooted
One solution is, to have a tri-state with $go_info["server"]["ssh_chroot"], where 0 leads to no chroot,
where 1 leads to chroot with magic "/./" and script execution, and where a new value 2 leads to omit the
magic "/./" but performs the script. The behaviour of option 0 and 1 are unchanged to support all those
with the need of the old logic, but option 2 now becomes adjusted to the new logic. The changes are most easy:
The essential file is /root/ispconfig/scripts/lib/config.lib.php, where lines
# 772-774 (insert new user)
# 949-950 (update user)
/root/ispconfig/scripts/lib/config.inc.php, where line #106
$go_info["server"]["ssh_chroot"] = 2; // 0 = no, 1 = yes with old chroot path /./, 2 = yes without /./ (openssh 5.x logic)
is the example to use the new logic.
I would be happy if the small changes would be confirmed with one of the next ispconfig 2.x releases.
I got ispconfig 2.2.35, centos 5.4 and OpenSSH_5.2p1.
I add to sshd_config:
Match Group web*
I change 0 to 1:
$go_info["server"]["ssh_chroot"] = 1;
When I create a user from ispconfig, I get all the libraries into the ftp account but I can't connect to sftp.
I think I get the error in sshd_config because if I don't put the new config into sshd_config, it works!
What's my problem?
Thanks for the help!!
** Sorry for my bad English :)
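One check worth running when a chrooted login fails under the OpenSSH 5.x logic discussed in this thread (an added example, not code from any poster or from ISPConfig): sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or others. The function names and the path in the usage comment are made up for illustration.

```sh
#!/bin/sh
# Added example: verify a directory against the sshd_config(5) rule for
# ChrootDirectory (root-owned, not group/other-writable, every component).

# check_component DIR: 0 = acceptable, 1 = bad owner/mode/type, 2 = missing
check_component() {
    # -n prints the numeric uid, -L looks through symlinks to the target
    line=$(ls -ldnL -- "$1" 2>/dev/null) || return 2
    mode=${line%% *}
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    case $mode in
        d*) ;;
        *) return 1 ;;                      # not a directory
    esac
    [ "$uid" = 0 ] || return 1              # not owned by root
    case $mode in
        d????w*|d???????w*) return 1 ;;     # group- or other-writable
    esac
    return 0
}

# check_chroot_path /abs/path: walks "/", "/a", "/a/b", ... and reports
# every component that breaks the rule. Returns 0 only if all pass.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 2 ;;
    esac
    rc=0
    cur=
    check_component / || { echo "BAD: /" >&2; rc=1; }
    old_ifs=$IFS; IFS=/; set -f
    set -- $1                               # split the path on "/"
    set +f; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        check_component "$cur" || { echo "BAD: $cur" >&2; rc=1; }
    done
    return $rc
}

# Usage (hypothetical path): sh check_chroot.sh /var/www/web1
[ $# -eq 0 ] || check_chroot_path "$1"
```

Each BAD line names a path component whose owner or mode needs correcting before the login is retried.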
Your English is not bad at all. I have considered your problem... I will try to sort it out..
I don't remember... did you activate shell access from the ispconfig panel for the user of the domain?
Hi hrvbid, Thanks for the nice post you are sharing with us. :)