HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


hrvbid 23rd December 2009 18:38

chrooted ssh environments for ispconfig users
 
(ispconfig 2.2.35, ubuntu 9.10)
With openssh 4.9.x/5.x, the logic to build chrooted ssh users is just built in. Because of the new
logic, the magic separator "/./" within the user's homedir assignment in passwd is no longer needed, but is
now in trouble. See http://www.howtoforge.com/forums/showthread.php?t=32459 for the basics.
To consider the history and also the new logic, a solution for ispconfig seems easy to adapt:
One strategic parameter is in /root/ispconfig/scripts/lib/config.inc.php, where
PHP Code:

$go_info["server"]["ssh_chroot"] = 0; // or 1

is responsible for two actions. In case of value 1, 1st, the magic separator "/./" is used, and 2nd, the
script /root/ispconfig/scripts/shell/create_chroot_env.sh is scheduled to build the user's chrooted
environment.
One solution is to have a tri-state with $go_info["server"]["ssh_chroot"], where 0 leads to no chroot,
where 1 leads to chroot with the magic "/./" and script execution, and where a new value 2 omits the
magic "/./" but still runs the script. The behaviour of options 0 and 1 is unchanged to support all those
who need the old logic, but option 2 is now adjusted to the new logic. The changes are very easy:
The essential file is /root/ispconfig/scripts/lib/config.lib.php, where lines
# 772-774 (insert new user)
PHP Code:

  if($go_info["server"]["ssh_chroot"] == 1 && $user["user_shell"] && $web["web_shell"]) {
    exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
  }

have to change to
PHP Code:

  if($go_info["server"]["ssh_chroot"] > 0 && $user["user_shell"] && $web["web_shell"]) {
    exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
  }

and lines
# 949-950 (update user)
PHP Code:

  if($go_info["server"]["ssh_chroot"] == 1 && $user["user_shell"] && $web["web_shell"]) {
    exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
  }

also have to change to
PHP Code:

  if($go_info["server"]["ssh_chroot"] > 0 && $user["user_shell"] && $web["web_shell"]) {
    exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
  }

Note, that's all there is to do - a really cheap solution. To be complete, have a look at
/root/ispconfig/scripts/lib/config.inc.php, where line #106
$go_info["server"]["ssh_chroot"] = 2; // 0 = no, 1 = yes with old chroot path /./, 2 = yes without /./ (openssh 5.x logic)
is the example to use the new logic.
I would be happy if the small changes would be confirmed with one of the next ispconfig 2.x releases.

userman 12th February 2010 13:03

chroot
 
Hi,

I got ispconfig 2.2.35, centos 5.4 and OpenSSH_5.2p1.

I add to sshd_config:
Match Group web*
ChrootDirectory ~/
AllowTcpForwarding no

I change 0 to 1:
/home/admispconfig/ispconfig/lib/config.inc.php
$go_info["server"]["ssh_chroot"] = 1;

When I create a user from ispconfig, I get all the libraries in the ftp account but I can't connect to sftp.
I think I get the error in sshd_config because if I don't put the new config into sshd_config, it works!

What's my problem?
Thanks for the help!!

** Sorry for my bad English :)
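
Added example, not part of the thread and not ISPConfig code: sshd_config(5) states that at session startup sshd checks that every component of the ChrootDirectory path is a root-owned directory not writable by any other user or group. The script below checks a path against that rule; it assumes GNU stat, the optional owner-uid argument is an addition for testing, and /path/to/web1 is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). Checks a directory against the rule
# sshd applies to ChrootDirectory: every path component from / down to the
# target must be a directory owned by root and not writable by group/others.
# Usage: sh check_chroot.sh /path/to/web1   (constructed placeholder path)

# check_component DIR [OWNER_UID]
# Returns 0 when DIR passes; prints the reason and returns 1 otherwise.
# OWNER_UID defaults to 0 (root); the override exists only for testing.
check_component() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    uid=$(stat -L -c '%u' "$dir")    # numeric owner, symlinks followed
    mode=$(stat -L -c '%a' "$dir")   # octal permission bits, e.g. 755
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $uid, expected $want_uid"
        return 1
    fi
    # 022 masks the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is writable by group or others"
        return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot_path PATH [OWNER_UID]
# Walks from PATH up to / and reports every component that would be rejected.
check_chroot_path() {
    cur=$1
    owner=${2:-0}
    rc=0
    case $cur in
        /*) ;;
        *) echo "FAIL $cur: path must be absolute"; return 1 ;;
    esac
    while :; do
        check_component "$cur" "$owner" || rc=1
        [ "$cur" = / ] && break
        cur=$(dirname "$cur")
    done
    return $rc
}

if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

Any FAIL line names a component that makes sshd refuse the chroot, so run it as root against the directory a user's ChrootDirectory resolves to.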

steve7680768 9th March 2010 13:19

Your English is not bad at all. I have considered your problem... I will try to sort it out.

userman 21st June 2010 01:07

I don't remember... did you activate shell access from the ispconfig panel for the user of the domain?

rockstar9840 5th November 2010 15:08

Hi hrvbid, thanks for the nice post you are sharing with us. :)


All times are GMT +2.