#1 hrvbid, 23rd December 2009, 18:38
chrooted ssh environments for ispconfig users

(ispconfig 2.2.35, ubuntu 9.10)
With openssh 4.9.x/5.x, the logic to build chrooted ssh users is just built in. Because of the new
logic, the magic separator "/./" within the user's homedir assignment in passwd is no longer needed, but is
now in trouble. See http://www.howtoforge.com/forums/showthread.php?t=32459 for the basics.
To consider the history and also the new logic, a solution for ispconfig seems easy to adapt:
One strategic parameter is in /root/ispconfig/scripts/lib/config.inc.php, where
PHP Code:
$go_info["server"]["ssh_chroot"] = 0 or 1
is responsible for two actions. In case of value 1, 1st, the magic separator "/./" is used, and 2nd, the
script /root/ispconfig/scripts/shell/create_chroot_env.sh is scheduled to build the users chrooted
environment.
One solution is to have a tri-state with $go_info["server"]["ssh_chroot"], where 0 leads to no chroot,
where 1 leads to chroot with the magic "/./" and script execution, and where a new value 2 omits the
magic "/./" but still performs the script. The behaviour of options 0 and 1 is unchanged, to support all those
who need the old logic, but option 2 is adjusted to the new logic. The changes are very easy:
The essential file is /root/ispconfig/scripts/lib/config.lib.php, where lines
# 772-774 (insert new user)
PHP Code:
  // old check: only value 1 builds the chroot environment
  if ($go_info["server"]["ssh_chroot"] == 1 && $user["user_shell"] && $web["web_shell"]) {
    exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
  }
have to change to
PHP Code:
  // new check: values 1 and 2 both build the chroot environment
  if ($go_info["server"]["ssh_chroot"] > 0 && $user["user_shell"] && $web["web_shell"]) {
    exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
  }
and lines
# 949-950 (update user)
PHP Code:
  // old check: only value 1 builds the chroot environment
  if ($go_info["server"]["ssh_chroot"] == 1 && $user["user_shell"] && $web["web_shell"]) {
    exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
  }
also have to change to
PHP Code:
  // new check: values 1 and 2 both build the chroot environment
  if ($go_info["server"]["ssh_chroot"] > 0 && $user["user_shell"] && $web["web_shell"]) {
    exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
  }
Note, that's all there is to do - a really cheap solution. To be complete, a look to
/root/ispconfig/scripts/lib/config.inc.php, where line #106
$go_info["server"]["ssh_chroot"] = 2; // 0 = no, 1 = yes with old chroot path /./, 2 = yes without /./ (openssh 5.x logic)
is the example to use the new logic.
I would be happy if the small changes would be confirmed with one of the next ispconfig 2.x releases.
The Following 4 Users Say Thank You to hrvbid For This Useful Post:
falko (24th December 2009), rockstar9840 (5th November 2010), till (27th December 2009), ybz (27th December 2009)
#2 userman, 12th February 2010, 13:03
chroot

Hi,

I have ispconfig 2.2.35, centos 5.4 and OpenSSH_5.2p1.

I added to sshd_config:
Match Group web*
ChrootDirectory ~/
AllowTcpForwarding no

I changed 0 to 1:
/home/admispconfig/ispconfig/lib/config.inc.php
$go_info["server"]["ssh_chroot"] = 1;

When I create a user from ispconfig, I get all the libraries in the ftp account, but I can't connect to sftp.
I think the error is in sshd_config, because if I don't put the new config into sshd_config, it works!

What's my problem?
Thanks for the help!!

** Sorry for my bad English
Reply With Quote
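Editor's added example (not part of any post in this thread): with the built-in ChrootDirectory logic, sshd_config(5) requires every component of the chroot path to be a root-owned directory that is not writable by group or others, and sshd refuses the session otherwise. The script below checks a candidate directory against that rule; it assumes a stat that accepts -L and -c (GNU coreutils or busybox), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not ISPConfig or OpenSSH code. Function names are hypothetical.
# Assumes a stat that accepts -L and -c (GNU coreutils or busybox).

# check_component DIR [UID]: succeed if DIR is a directory owned by UID
# (default 0 = root) with no group/other write bit set.
check_component() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory" >&2
        return 1
    fi
    info=$(stat -L -c '%u %a' -- "$dir") || return 1
    uid=${info% *}      # numeric owner
    mode=${info#* }     # octal permission bits, e.g. 755
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid" >&2
        return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable" >&2
        return 1
    fi
    return 0
}

# check_chroot_path DIR [UID]: resolve symlinks in DIR, then apply
# check_component to the result and to every parent directory up to /.
check_chroot_path() {
    path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: cannot resolve directory" >&2
        return 1
    }
    rc=0
    while :; do
        check_component "$path" "${2:-0}" || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Stand-alone use: ./check_chroot.sh /path/to/chroot [uid]
if [ $# -gt 0 ]; then
    check_chroot_path "$1" "${2:-0}"
fi
```

Run it against the directory that ChrootDirectory resolves to for one affected user; each FAIL line names a component that sshd would reject.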
#3 steve7680768, 9th March 2010, 13:19

Your English is not bad at all. I have considered your problem... I will try to sort it out.
__________________
STEVE
#4 userman, 21st June 2010, 01:07

I don't remember... did you activate shell access from the ispconfig panel for the user of the domain?
#5 rockstar9840, 5th November 2010, 15:08

Hi hrvbid, thanks for the nice post you are sharing with us.
All times are GMT +2.