Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th January 2006, 17:12
ctroyp ctroyp is offline
Senior Member
 
Join Date: Sep 2005
Posts: 292
Thanks: 3
Thanked 2 Times in 1 Post
Default Chrooted SSH HowTo question???

This looks like the perfect "how to" for what I am needing to do. What a present Falko! Thanks!

Before using the "how to" I wanted to make sure that there would not be any conflicts with my current setup. I am setup with "The Perfect Setup--Debian Sarge" w/ISPConfig.

Do you know of any potential issues I may run into?
Reply With Quote
Sponsored Links
  #2  
Old 19th January 2006, 20:56
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,900
Thanked 2,702 Times in 2,545 Posts
Default

Make sure that you chroot your users to the right directory.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 19th January 2006, 20:58
ctroyp ctroyp is offline
Senior Member
 
Join Date: Sep 2005
Posts: 292
Thanks: 3
Thanked 2 Times in 1 Post
Default

Quote:
Originally Posted by falko
Make sure that you chroot your users to the right directory.
Sounds good. I think this is going to help me a lot...thanks!
Reply With Quote
  #4  
Old 28th January 2006, 16:59
ctroyp ctroyp is offline
Senior Member
 
Join Date: Sep 2005
Posts: 292
Thanks: 3
Thanked 2 Times in 1 Post
Default

falko,
I want to create specific users to access the respective web files. I have a website that a couple users need to access via SSH (/home/www/web5). Using the Chrooted SSH howto, it stated that he users would be jailed in /home/chroot. I don't want to provide them access to any other directories other than /home/www/web5. I am a little confused how to do this. Can you give me a little more guidance?

Thanks for any help...still a growing Linux newbie.
Reply With Quote
  #5  
Old 29th January 2006, 01:04
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,900
Thanked 2,702 Times in 2,545 Posts
Default

Instead of /home/chroot you can use /home/www.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 11th February 2006, 22:34
ctroyp ctroyp is offline
Senior Member
 
Join Date: Sep 2005
Posts: 292
Thanks: 3
Thanked 2 Times in 1 Post
Default

falko, disregard the email I sent you today on the error I was getting. I fixed that.

I now have the users jailed as needed. Nice howto by the way.

The only problem is that once the user logs in, they do go to the appropriate directory (/home/www/webx/web/), but while testing it, I was able to "cd /" and go to the /home/www/webx directory adn I want to keep them in a level no lower than the web directory.

I have the bin, dev, etc, lib, and usr directories stored in /home/www/webx.

Here is what the user looks like in both passwd files (main and chroot):
Code:
testuser:x:10020:100:testuser:/home/www/webx/./web:/bin/bash
Did I overlook something?

Also, I am not able to use WinSCP3 to login with the user. Have you tried using WinSCP with any success? I believe they have a bug within the application???
Reply With Quote
  #7  
Old 12th February 2006, 10:23
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,900
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by ctroyp
I have the bin, dev, etc, lib, and usr directories stored in /home/www/webx.
This means that /home/www/webx is the user's root directory. So by typing
Code:
cd /
he should go to /home/www/webx.

Quote:
Originally Posted by ctroyp
Also, I am not able to use WinSCP3 to login with the user. Have you tried using WinSCP with any success? I believe they have a bug within the application???
I'm not quite sure if I tested this, but I think so (maybe I should write a protocol about the things I do... ).
Did you try WinSCP in SCP or SFTP mode?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 12th February 2006, 22:50
ctroyp ctroyp is offline
Senior Member
 
Join Date: Sep 2005
Posts: 292
Thanks: 3
Thanked 2 Times in 1 Post
Default

Quote:
Originally Posted by falko
This means that /home/www/webx is the user's root directory. So by typing
Code:
cd /
he should go to /home/www/webx.
Okay, I just didn't want them to see those files...

Quote:
Originally Posted by falko
I'm not quite sure if I tested this, but I think so (maybe I should write a protocol about the things I do... ).
Did you try WinSCP in SCP or SFTP mode?
I tried each mode without success. I looked on their site and it seems there is an issue with openssh, but I need to look further. The strange thing is that I can login using WinSCP fine under root. Oh well, I'll figure it out soon enough. Thanks!
Reply With Quote
  #9  
Old 13th February 2006, 13:25
savkar savkar is offline
Junior Member
 
Join Date: Jan 2006
Location: Brooklyn, New York
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default SCP works with WinSCP3, not SFTP

Not sure why SFTP doesn't work. SCP does. I then try both protocols with a non-chroot user and both work.

Falko, is there any reason for this? Does the patch only patch ssh/scp protocols, but not otherwise help wtih SFTP?

Also, separately, would there be anyway to set up SSH with the chroot functionality but with username/password support and quota support all via a mysql database. That is, basically permit virtual users?

I am curious because I'd love to intergrate this in with the rest of the virtual user stuff for my postfix/virtual user setup.

I see you can do something like this using proftpd, but just would love to have the same functionality for ssh...

Sunil
Reply With Quote
  #10  
Old 13th February 2006, 17:06
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,900
Thanked 2,702 Times in 2,545 Posts
 
Default

I've never heard of virtual SSH users... I don't think this is possible...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SuSe 9.3 64-bit apt-get question... Bailx HOWTO-Related Questions 9 27th January 2006 11:26
Debian Question AngelDrago Installation/Configuration 8 18th January 2006 06:05
RHEL 4 Howto g8rbait Suggest HOWTO 12 29th December 2005 21:36
Small question misterm Installation/Configuration 1 18th October 2005 13:07
Newbie question thedude General 2 15th August 2005 14:38


All times are GMT +2. The time now is 17:28.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.