Chrooted SSH HowTo question???

[falko]

I'm not sure if the socket is in that output. Maybe it doesn't have the string "socket" in its name...
Anyway, let's assume the socket was /tmp/example.sock. Then you can chroot it like this:

Stop psybnc, then create a symbolic link:

Code:

ln -s /home/chroot/tmp/example.sock /tmp/example.sock

Then start psybnc. Now psybnc should work inside and outside the chroot jail.

[Kanedo]

I had this same error "/bin/bash: No such file or dirctory" that many others on getting on this thread. The actual reason for this error isn't that /bin/bash is missing in your chrooted directory. It's a library dependency that /bin/bash is missing. Using the script in the how-to didn't resolve to copy all of the dependent libraries needed by /bin/bash to your chrooted directory. To find out which ones are missing, you start by doing a 'ldd /bin/bash';

Code:

> ldd /bin/bash
     libtermcap.so.2 => /lib/libtermcap.so.2
     libdl.so.2 => /lib/libdl.so.2
     libc.so.6 => /lib/tls/libc.so.6
     /lib/ld-linux.so.2

then you go down that list and see if they're in you chrooted dir.

Code:

> ls /home/chroot/lib/libtermcap.so.2
/home/chroot/lib/libtermcap.so.2

> ls /home/chroot/lib/libdl.so.2
/home/chroot/lib/libdl.so.2

> ls /home/chroot/lib/tls/libc.so.6
/home/chroot/lib/tls/libc.so.6

> ls /home/chroot/lib/lib/ld-linux.so.2
ls: /home/chroot/lib/lib/ld-linux.so.2: No such file or directory

As it turned out, I was missing "/lib/ld-linux.so.2" in my chrooted directory. Copying that to my chrooted dir fixed my problem. I've only tested this on a CentOS 4.4 installation, but this might work for others as well.

I hope this solves your problem

[Ovidiu]

still having some issues regarding ruby and gem, here is what I am trying to do:

Quote:

gem install rmagick
Attempting local installation of 'rmagick'
Local gem file not found: rmagick*.gem
Attempting remote installation of 'rmagick'
Updating Gem source index for: http://gems.rubyforge.org
ERROR: While executing gem ... (Errno::EACCES)
Permission denied - /usr/lib/ruby/gems/1.8/cache/rmagick-1.15.2.gem

I want to allow the client to install a new gem - besides the fact that it does not work, would this be safe? If so, how can I allow this and get rid of the Permission denied error?

###edit###
partially solved this. as far as I found out, every page I found was only stating that imagemagick6 was required, but after instaling imagemagick6-dev gem install rmagick worked too :-)

[pootle]

Quote:

Originally Posted by Kanedo

I had this same error "/bin/bash: No such file or dirctory" that many others on getting on this thread. The actual reason for this error isn't that /bin/bash is missing in your chrooted directory. It's a library dependency that /bin/bash is missing. Using the script in the how-to didn't resolve to copy all of the dependent libraries needed by /bin/bash to your chrooted directory. To find out which ones are missing, you start by doing a 'ldd /bin/bash';

Code:

> ldd /bin/bash
     libtermcap.so.2 => /lib/libtermcap.so.2
     libdl.so.2 => /lib/libdl.so.2
     libc.so.6 => /lib/tls/libc.so.6
     /lib/ld-linux.so.2

then you go down that list and see if they're in you chrooted dir.

Code:

> ls /home/chroot/lib/libtermcap.so.2
/home/chroot/lib/libtermcap.so.2

> ls /home/chroot/lib/libdl.so.2
/home/chroot/lib/libdl.so.2

> ls /home/chroot/lib/tls/libc.so.6
/home/chroot/lib/tls/libc.so.6

> ls /home/chroot/lib/lib/ld-linux.so.2
ls: /home/chroot/lib/lib/ld-linux.so.2: No such file or directory

As it turned out, I was missing "/lib/ld-linux.so.2" in my chrooted directory. Copying that to my chrooted dir fixed my problem. I've only tested this on a CentOS 4.4 installation, but this might work for others as well.

I hope this solves your problem

I confirm this is the same problem on suse 10.2 my friend has been helping me set this up and I too ended up with /bin/bash errors. When we copied the /lib/ld-linux.so.2 file over it worked, it wasn't until we came back here we found this post !

So What script to we need to edit/patch to make sure this is copied over everytime a new user is created. I'd also like to add the bash.rc file as well so it looks nicer when logged in. I'm new to ISPConfig so I don't know which files need hacking up.

THanks pootle.

[pootle]

its ok i've found it..

its under ispconfig/scripts/shell/create_chroot_env.sh

so I can edit what I want in there.

I'm going to look if its possible to set up SCP and SFTP now to transfer data to the domains rather than use FTP as it gives the encryption security.

Is it worth doing this or do people believe proftp is secure enough?

[till]

Quote:

Is it worth doing this or do people believe proftp is secure enough?

Most poeple prefer to use FTP because tools like dreamweaver does not support SCP. Also you can enable proftpd to use TLS which secures the connection with SSL.

[pootle]

Quote:

Originally Posted by till

Most poeple prefer to use FTP because tools like dreamweaver does not support SCP. Also you can enable proftpd to use TLS which secures the connection with SSL.

Ah I didn't know you could secure proftpd is there any tutorials on here that explain how to do that for ISPConfig using the certificates that have been generated.

I've got SFTP working under chroot jail now but it looks like that might be point less if i have proftpd running with the certificate.

Thanks for you reply till.