#11
24th December 2005, 12:39
falko

I installed a chrooted SSH yesterday on Debian Sarge, it will go into a small howto in the next days, but basically this is how I did it:

Let's say your chroot will be in /home/chroot, and you have a user admin (whom we want to give chrooted SSH access) in /etc/passwd like that:

Code:
admin:x:1000:1000:admin,,,:/home/admin:/bin/bash

Change that line to

Code:
admin:x:1000:1000:admin,,,:/home/chroot/./home/admin:/bin/bash

The dot in /home/chroot/./home/admin is important so that OpenSSH knows that this user should be chrooted.

Now we install a new OpenSSH with chroot capabilities:

Code:
cd /tmp
wget http://www.zlib.net/zlib-1.2.3.tar.gz
tar xvfz zlib-1.2.3.tar.gz
cd zlib-1.2.3
make clean
./configure -s
make
make install
cd ..

apt-get install libpam0g-dev
wget http://chrootssh.sourceforge.net/download/openssh-4.2p1-chroot.tar.gz
tar xvfz openssh-4.2p1-chroot.tar.gz
cd openssh-4.2p1-chroot
./configure --exec-prefix=/usr --sysconfdir=/etc/ssh --with-pam
make
make install

Afterwards, we create the chroot environment:

Code:
mkdir /home/chroot/
mkdir -p /home/chroot/home/admin
chown admin:admin /home/chroot/home/admin

cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5

Then run the following commands on your shell:

Code:
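APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping"
for prog in $APPS; do
        # copy the program to the same path inside the chroot (run from /home/chroot)
        cp "$prog" "./$prog"

        # obtain a list of related libraries; ldd fails for non-dynamic files
        if ldd "$prog" > /dev/null 2>&1; then
                # keep every absolute path ldd prints (resolved libraries and the loader)
                LIBS=$(ldd "$prog" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }')
                for l in $LIBS; do
                        # -p creates nested library directories as needed
                        mkdir -p "./$(dirname "$l")"
                        cp "$l" "./$l"
                done
        fi
done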

Finally do this:

Code:
cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/
touch etc/passwd
grep /etc/passwd -e "^root" -e "^admin" > etc/passwd
grep /etc/group -e "^root" -e "^admin" > etc/group
#grep admin /etc/passwd >> /home/chroot/etc/passwd
echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
/etc/init.d/ssh restart

Now you can log in as admin, and admin should be chrooted.
__________________
Falko
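
A check for the setup described in the post above, as an added example that is not part of falko's post: it reads a passwd file, finds accounts whose home field carries the /./ marker, and verifies that the chroot directory, the home directory and the shell exist inside it. The function names and the permission check on the chroot directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the post): audit accounts that use the "/./" home marker.

# Part of the home field before the first "/./": the chroot directory.
chroot_root() {
    case "$1" in */./*) printf '%s\n' "${1%%/./*}" ;; *) return 1 ;; esac
}

# Part after the marker: the home directory as seen from inside the chroot.
chroot_inner() {
    case "$1" in */./*) printf '/%s\n' "${1#*/./}" ;; *) return 1 ;; esac
}

# audit_chroot_users PASSWD_FILE
# Prints "OK ..." or "FAIL ..." per marked user; returns 1 if any check failed.
audit_chroot_users() {
    rc=0
    while IFS=: read -r user pw uid gid gecos home shell; do
        jail=$(chroot_root "$home") || continue   # unmarked accounts are skipped
        inner=$(chroot_inner "$home")
        reason=
        if [ ! -d "$jail" ]; then
            reason="chroot $jail missing"
        elif [ -n "$(find "$jail" -prune \( -perm -020 -o -perm -002 \))" ]; then
            # Assumption added here: the chroot root should not be group/world-writable.
            reason="chroot $jail is group- or world-writable"
        elif [ ! -d "$jail$inner" ]; then
            reason="home $inner missing inside chroot"
        elif [ ! -x "$jail$shell" ]; then
            reason="shell $shell missing inside chroot"
        elif ! awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' \
                "$jail/etc/passwd" 2>/dev/null; then
            reason="no entry in chroot etc/passwd"
        fi
        if [ -n "$reason" ]; then
            echo "FAIL $user: $reason"; rc=1
        else
            echo "OK $user: jail=$jail home=$inner"
        fi
    done < "$1"
    return "$rc"
}

# Stand-alone use: sh audit.sh /etc/passwd
if [ "$#" -gt 0 ]; then audit_chroot_users "$1"; fi
```
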