Chrooted SSH HowTo question???

[ctroyp]

This looks like the perfect "how to" for what I am needing to do. What a present Falko! Thanks!

Before using the "how to" I wanted to make sure that there would not be any conflicts with my current setup. I am setup with "The Perfect Setup--Debian Sarge" w/ISPConfig.

Do you know of any potential issues I may run into?

[falko]

Make sure that you chroot your users to the right directory.

[ctroyp]

Quote:

Originally Posted by falko

Make sure that you chroot your users to the right directory.

Sounds good. I think this is going to help me a lot...thanks!

[ctroyp]

falko,
I want to create specific users to access the respective web files. I have a website that a couple users need to access via SSH (/home/www/web5). Using the Chrooted SSH howto, it stated that he users would be jailed in /home/chroot. I don't want to provide them access to any other directories other than /home/www/web5. I am a little confused how to do this. Can you give me a little more guidance?

Thanks for any help...still a growing Linux newbie.

[falko]

Instead of /home/chroot you can use /home/www.

[ctroyp]

falko, disregard the email I sent you today on the error I was getting. I fixed that.

I now have the users jailed as needed. Nice howto by the way.

The only problem is that once the user logs in, they do go to the appropriate directory (/home/www/webx/web/), but while testing it, I was able to "cd /" and go to the /home/www/webx directory adn I want to keep them in a level no lower than the web directory.

I have the bin, dev, etc, lib, and usr directories stored in /home/www/webx.

Here is what the user looks like in both passwd files (main and chroot):

Code:

testuser:x:10020:100:testuser:/home/www/webx/./web:/bin/bash

Did I overlook something?

Also, I am not able to use WinSCP3 to login with the user. Have you tried using WinSCP with any success? I believe they have a bug within the application???

[falko]

Quote:

Originally Posted by ctroyp

I have the bin, dev, etc, lib, and usr directories stored in /home/www/webx.

This means that /home/www/webx is the user's root directory. So by typing

Code:

cd /

he should go to /home/www/webx.

Quote:

Originally Posted by ctroyp

Also, I am not able to use WinSCP3 to login with the user. Have you tried using WinSCP with any success? I believe they have a bug within the application???

I'm not quite sure if I tested this, but I think so (maybe I should write a protocol about the things I do... ).
Did you try WinSCP in SCP or SFTP mode?

[ctroyp]

Quote:

Originally Posted by falko

This means that /home/www/webx is the user's root directory. So by typing

Code:

cd /

he should go to /home/www/webx.

Okay, I just didn't want them to see those files...

Quote:

Originally Posted by falko

I'm not quite sure if I tested this, but I think so (maybe I should write a protocol about the things I do... ).
Did you try WinSCP in SCP or SFTP mode?

I tried each mode without success. I looked on their site and it seems there is an issue with openssh, but I need to look further. The strange thing is that I can login using WinSCP fine under root. Oh well, I'll figure it out soon enough. Thanks!

[savkar]

Not sure why SFTP doesn't work. SCP does. I then try both protocols with a non-chroot user and both work.

Falko, is there any reason for this? Does the patch only patch ssh/scp protocols, but not otherwise help wtih SFTP?

Also, separately, would there be anyway to set up SSH with the chroot functionality but with username/password support and quota support all via a mysql database. That is, basically permit virtual users?

I am curious because I'd love to intergrate this in with the rest of the virtual user stuff for my postfix/virtual user setup.

I see you can do something like this using proftpd, but just would love to have the same functionality for ssh...

Sunil

[falko]

I've never heard of virtual SSH users... I don't think this is possible...