Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 15th January 2011, 06:49
kextra1 kextra1 is offline
Senior Member
 
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
Default chroot SSH IspConfig2

How do I chroot SSH shell's for ISPConfig 2 users?

I simply don't want them to be able to look at database passwords in files and stuff like that in other clients web's... not an unreasonable request.

I found info on ispconfig 3 but no info on Ispconfig 2 the real ispconfig.

I'm running Debian Lenny.

Thanks if you can help.

PS. Nothing against IspConfig 3, it just looks like it was made through the god aweful TYP03 CMS or something, but I'm sure it has as many ups as it does downs..like the virtual mail names for webs and stuff.
Reply With Quote
Sponsored Links
  #2  
Old 16th January 2011, 12:52
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
Default

Quote:
Originally Posted by kextra1 View Post
How do I chroot SSH shell's for ISPConfig 2 users?

I simply don't want them to be able to look at database passwords in files and stuff like that in other clients web's... not an unreasonable request.

I found info on ispconfig 3 but no info on Ispconfig 2 the real ispconfig.

I'm running Debian Lenny.
You must set this up manually. This link might help: http://www.howtoforge.com/chrooted-s...l-debian-lenny

Quote:
Originally Posted by kextra1 View Post
PS. Nothing against IspConfig 3, it just looks like it was made through the god aweful TYP03 CMS or something, but I'm sure it has as many ups as it does downs..like the virtual mail names for webs and stuff.
ISPConfig 3 has absolutely nothing to do with Typo3. I wonder why you got this impression?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 19th January 2011, 22:26
kextra1 kextra1 is offline
Senior Member
 
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
Default

Quote:
Originally Posted by falko View Post
You must set this up manually. This link might help: http://www.howtoforge.com/chrooted-s...l-debian-lenny

Thanks a million Falko, you're the best! As always! Actually I am going to login to my email. There is a compliment I want you to see. Your name was mentioned just the other day in an email conversation!

My cousin jake who started me on ISPConfig doesn't even know you in real life, but just yesterday your name was mentioned when we were talking about ISPConfig. I'll paste his compliment below. He said,

(pasting email below)

"Don't you use the howtoforge forums anymore? Falko is the go to guy for ISPConfig 2 & 3, but not just that. The guy has written so many tutorials helping so many people, and done so on so many platforms! I mean the guy knows how to use every linux distro and is a true pioneer. When it comes to the Open Source community that guy is a true jewel, I wish there were a million more like him in the open source community.

I don't know Falko very well, but he's the reason I started using ISPConfig CP instead of commercial CP's like WHMCS or Plesk. I met him on howtoforge ispconfig 2 forums. I thought you knew him. There are others who can help you like Till and Hans and many other great people who've helped me greatly with ispconfig on there that you can get help from if I'm not around. But that Falko guy has impressed me the most. He's one smart dude!"

(end of paste)

hehe, I would have to agree! I pasted that because I thought you'd like to hear that. I bet there are tons of people out there that are grateful for your help and tutorials.


Quote:
ISPConfig 3 has absolutely nothing to do with Typo3. I wonder why you got this impression?
Well I know its seperate from Typo3, I apologize for the ranter. I have only used Typo3 a few times over a year ago and I think it was the top buttons with the new layout on the IspConfig 3 demo that reminded me sorta of the old default typo3 template thing.

I'd LOVE to move all my IspConfig 2 web's and db's over to another server running IspConfig 3. I know how to manually .tgz up the web's and export/import the databases, but this is my problem.

I had 2 servers running ISPConfig 2, I manually cloned or moved all the websites and databases to the 2nd new server running ISPConfig 2. When I pointed port 80 etc. etc. too the new server all the websites showed up great! It looked like I had successfully cloned all my ISPConfig 2 clients to the new server.

Then I tried to send mail from my email address.

THE PROBLEM:

I could not send/receive ANY mail! When I tried to send an email from any ispconfig email address which all worked on the original server, it would return with an error. Like a postfix missmatch or something.

I'm not very educated with postfix let alone with moving or cloning it. The only thing I know about postfix is what I read from your tutorial for ispconfig2 & debian etch...back when postfix was not in the debian repository yet and your tutorial covered building postfix from source.

I would HAPPILY do a manual backup/export and move all web content and databases from my ISPConfig 2 server to the new ISPConfig 3 server.

However I'm not sure how to setup a new postfix or whatever is needed to make sure my email still goes through on the new server after the move. I used RoundCube.pkg and and a SQLite db for my webmail. I thought I had set it up on the second ISPConfig 2 server the same as I had on the first, but I could not send/receive mail. That was the only problem on the move, so I am still using ISPConfig 2 on the first server.

I would like to clone every web on IspConfig 2 and do a new IspConfig 3 install and move the webs over, but the email must work. I don't know what I did wrong.

If ISPConfig 3 has something like the remoting framework I can use for ISPConfig auto-account creation/autosignup, and if someone can help me make sure the email will work when i create email users on with the same usernames/email address accounts that existed on server 1, then I would LOVE to move to IspConfig 3 on server 2 and start helping with development on the newer ispconfig3 forums.

Thanks again for the link for the chroot SSH jail link for Debian Lenny Falko!

Hopefully I'll be able to migrate to IspConfig 3 with some help!

Long live the ISPConfig Crew!!!!

-k

Last edited by kextra1; 19th January 2011 at 22:29.
Reply With Quote
  #4  
Old 19th January 2011, 22:41
kextra1 kextra1 is offline
Senior Member
 
Join Date: Apr 2008
Posts: 121
Thanks: 12
Thanked 10 Times in 6 Posts
Default Help! IspConfig 2 chroot question

Quote:
Originally Posted by falko View Post
You must set this up manually. This link might help: http://www.howtoforge.com/chrooted-s...l-debian-lenny
I need help with your tutorial and IspConfig 2 buddy!

I see where you put this:

Code:
Match Group users
    ChrootDirectory /home
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand /usr/lib/openssh/sftp-server
For IspConfig 2 users and chroot jails should I use something like this below?

Code:
Match Group web1
    ChrootDirectory /var/www/web1
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand /usr/lib/openssh/sftp-server
Would that be right Falko? I thought I tried that and I got a Network Connection error in PuTTy. I did not do the:

"chmod 700 /var/www/web1"

to the home directory though.

Also the script you use in the tutorial for users chroot doesn't give directions on how to use the script with groups instead of usernames.

EXAMPLE:

make_chroot_jail.sh username [/path/to/chroot-shell [/path/to/chroot]]

Can we put the group for example: "web1" in place of the username?

Sorta like you showed with the /etc/ssh/sshd_config stanza using groups instead of individual users?

Will that work with this script?

Then simply instead of doing:

make_chroot_jail.sh falko /bin/bash /home

Could I do something like:

make_chroot_jail.sh web1 /bin/bash /var/www/web1

Would that work or must it be a username with the script?

Thanks, sorry for all the questions, just dont want to mess up my server



Any advice is appreciated! Thanks for your expertise again!

Last edited by kextra1; 19th January 2011 at 22:56.
Reply With Quote
  #5  
Old 20th January 2011, 18:41
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,739 Times in 2,574 Posts
 
Default

Quote:
I could not send/receive ANY mail! When I tried to send an email from any ispconfig email address which all worked on the original server, it would return with an error. Like a postfix missmatch or something.
Are there any errors in your mail log?
Are your DNS records ok (MX, PTR, SPF)? Did you update them to the new IP?

I'm afraid I can't say much about the chroot problem - it's a long time since I have used it...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
JAILKIT/ssh chroot ispconfig 2 (or anything to lock ssh) Federico Zurro Installation/Configuration 1 14th September 2009 19:05
ISPconfig Jaikit / SSH Chroot not working (Lenny) edge Installation/Configuration 20 8th May 2009 15:07
Chroot ssh login problem gral Server Operation 3 2nd November 2007 18:25
SSH Users CHROOT howser Installation/Configuration 20 2nd August 2006 08:22
ssh chroot works, but no scp for chroot users zokahn HOWTO-Related Questions 5 30th January 2006 09:33


All times are GMT +2. The time now is 04:18.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.