Old 24th December 2005, 13:39
falko

I installed a chrooted SSH yesterday on Debian Sarge. It will go into a small howto in the next days, but basically this is how I did it:

Let's say your chroot will be in /home/chroot, and you have a user admin (whom we want to give chrooted SSH access) in /etc/passwd like that:

Change that line to
The dot in /home/chroot/./home/admin is important so that OpenSSH knows that this user should be chrooted.

Now we install a new OpenSSH with chroot capabilities:

cd /tmp
tar xvfz zlib-1.2.3.tar.gz
cd zlib-1.2.3
make clean
./configure -s
make install
cd ..

apt-get install libpam0g-dev
tar xvfz openssh-4.2p1-chroot.tar.gz
cd openssh-4.2p1-chroot
./configure --exec-prefix=/usr --sysconfdir=/etc/ssh --with-pam
make install

Afterwards, we create the chroot environment:

mkdir /home/chroot/
mkdir -p /home/chroot/home/admin
chown admin:admin /home/chroot/home/admin

cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5

Then run the following commands on your shell:

APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping"
for prog in $APPS;  do
        # copy the binary to the same path inside the chroot (we are in /home/chroot)
        cp $prog ./$prog

        # obtain a list of related libraries
        ldd $prog > /dev/null
        if [ "$?" = 0 ] ; then
                LIBS=`ldd $prog | awk '{ print $3 }'`
                for l in $LIBS; do
                        mkdir -p ./`dirname $l` > /dev/null 2>&1
                        cp $l ./$l
                done
        fi
done

Finally do this:

cp /lib/ /lib/ /lib/ ./lib/
touch etc/passwd
grep /etc/passwd -e "^root" -e "^admin" > etc/passwd
grep /etc/group -e "^root" -e "^admin" > etc/group
#grep admin /etc/passwd >> /home/chroot/etc/passwd
echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
# make the wrapper script executable
chmod 755 usr/bin/groups
/etc/init.d/ssh restart

Now you can log in as admin, and admin should be chrooted.
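
The copy loop in the post takes the third column of `ldd` output, which yields nothing for lines where `ldd` prints the path first (the dynamic loader, in the `/path (0x...)` form), so a jail can end up with binaries that cannot start. The script below is an added example, not part of the original post, that audits a finished jail for such gaps; the function names and the script name `audit.sh` are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post: list shared libraries that the
# binaries in a chroot tree need but the tree does not contain.

# Read `ldd` output on stdin; print each resolved absolute path once.
# Covers "name => /path (0x..)" and "/path (0x..)"; lines with no path
# ("linux-gate.so.1 => (0x..)", "=> not found") are skipped.
lib_paths() {
    awk '{
        p = ""
        for (i = 1; i < NF; i++) if ($i == "=>") p = $(i + 1)
        if (p == "" && $1 ~ /^\//) p = $1
        if (p ~ /^\//) print p
    }' | LC_ALL=C sort -u
}

# Read `ldd` output on stdin; print the paths that are absent under jail $1.
missing_libs() {
    jail=$1
    lib_paths | while IFS= read -r p; do
        [ -e "$jail$p" ] || printf '%s\n' "$p"
    done
}

# Check every executable in $1/bin and $1/usr/bin; return 1 if any library
# is missing. ldd can execute code from the file it inspects, so point this
# only at binaries you copied from the system yourself.
audit_jail() {
    jail=$1 status=0
    for bin in "$jail"/bin/* "$jail"/usr/bin/*; do
        [ -f "$bin" ] && [ -x "$bin" ] || continue
        miss=$(ldd "$bin" 2>/dev/null | missing_libs "$jail")
        [ -z "$miss" ] && continue
        status=1
        printf '%s is missing:\n%s\n' "${bin#"$jail"}" "$miss"
    done
    return $status
}

# Usage: sh audit.sh /home/chroot
if [ "$#" -gt 0 ]; then audit_jail "$1"; fi
```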