Comments on Chrooted SSH/SFTP Tutorial (Debian Etch)

Chrooted SSH/SFTP Tutorial (Debian Etch): This tutorial describes two ways to give users chrooted SSH access. With this setup, you can give your users shell access without having to fear that they can see your whole system. Your users will be jailed in a specific directory which they will not be able to break out of. The users will also be able to use SFTP in their chroot jails.

11 Comment(s)

Comments

By:

Ubuntu 8.04 LTS now has libssl0.9.8 instead of the older libssl0.9.7.

So these days the updated command should look like this...

apt-get install libpam0g-dev openssl libcrypto++-dev libssl0.9.8 libssl-dev ssh build-essential bzip2

By:

Thanks for your update. It helped me, thanks again.

By: DeluXe

On Debian you also have to copy the directory /lib64, otherwise you get an error like this:

# ssh testuser@myserver
testuser@myserver's password:
/bin/bash: No such file or directory
Connection to myserver closed.
 

By: apt

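#!/bin/bash
# Copy a set of programs and the shared libraries they need into a chroot directory.

CHRD=/home/chroot

# Programs to make available inside the jail
apps="
    bash
    cp
    ls
    mkdir
    mv
    pwd
    rm
    rmdir
    id
    ssh
    ping
    dircolors
    vi
    sftp
    sftp-server
"

# Resolve each program name to its full path
# (--skip-alias and --skip-functions are GNU which options)
apps=$(which --skip-alias --skip-functions $apps)

# Collect the absolute paths of all libraries reported by ldd
libs=$(ldd $apps |
    grep -v : | grep / |
    sed 's%^.*[[:space:]]\(/[-[:alnum:]/._]*\)[[:space:]].*$%\1%' |
    sort -u)

# Copy every program and library to the same relative path under $CHRD
for i in $apps $libs; do
    dirname=$CHRD/$(dirname "$i")
    [ ! -d "$dirname" ] && mkdir -p "$dirname"
    cp "$i" "$dirname"
done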
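
Added example (not from the tutorial or from any commenter): a POSIX shell check that lists which binaries, shared libraries and ELF interpreter a jail lacks, and can copy them in. It covers both the copy script above and the "/bin/bash: No such file or directory" error quoted earlier, which is what exec reports when the interpreter (on amd64, /lib64/ld-linux-x86-64.so.2) is absent from the jail even though /bin/bash is present. The function names needed_files, jail_missing and jail_fill are made up for this illustration.

```shell
#!/bin/sh
# Added example: list what a chroot jail lacks for given host binaries.
# The jail path and binary list are supplied by the caller (assumptions).

# Print each absolute path ldd reports for one binary: the shared
# libraries and the ELF interpreter (/lib64/ld-linux-x86-64.so.2 on amd64).
needed_files() {
    # ldd fails on static binaries; treat that as "no dependencies".
    { ldd "$1" 2>/dev/null || true; } |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# jail_missing JAIL BINARY...  (BINARY must be an absolute path)
# Prints every binary or dependency that does not exist under JAIL.
jail_missing() (
    jail=$1
    shift
    for bin in "$@"; do
        printf '%s\n' "$bin"
        needed_files "$bin"
    done | sort -u | while IFS= read -r dep; do
        [ -e "$jail$dep" ] || printf '%s\n' "$dep"
    done
)

# jail_fill JAIL BINARY...
# Copies whatever jail_missing reports, keeping the host directory layout.
jail_fill() (
    jail=$1
    jail_missing "$@" | while IFS= read -r dep; do
        mkdir -p "$jail$(dirname "$dep")"
        cp -L "$dep" "$jail$dep"
    done
)

# Script usage: sh check-jail.sh /home/chroot /bin/bash /bin/ls
if [ "$#" -ge 2 ]; then
    jail_missing "$@"
fi
```

An empty result from jail_missing means every file ldd reports for those binaries exists at the same path inside the jail.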


By: Anonymous

Another way is to create user groups that are set by default to use SFTP. If you wanted everyone to use that then you could set that for the default group.

By: Narcis Garcia

I read this guide about the SFTP server part, and I've learnt from a lot of tutorials like this one. Here I link my compendium for better configuring clients and servers:

http://wiki.lapipaplena.org/index.php/How_to_mount_SFTP_accesses

(with special care for users and permissions)

By: Anonymous

I followed all the steps, but when I log in via ssh and sftp, I can still see whole directories outside the chroot home. Any suggestions?

By: Marius

Me too. Can navigate outside and change files in /home/user.

Any other options:

- /etc/passwd restrictions

- rbash

failed as well, with either being unable to log in or other linoxe effects.

By: selcuk

Hi, I have the same problem. I added the chroot line in sshd_config, but this time I cannot create files in the root folder of the user. Also, the ssh client doesn't work, because it cannot create the .ssh and known hosts files.

By: selcuk

Hi,

I applied all the steps. I also added chroot %h to sshd_config. Users can see their own folders. But I want to run the ssh command in the shell, and I can't create a folder in the root folder because the root folder's owner is root. I also cannot create a regular file in the root folder.

Thanks in advance.

By: Jon McCain

Here is a patch file to fix make_chroot_jail.sh so it works with Debian 8.2 (aka Jessie) 32-bit. In theory it should work with the amd64 version too as I looked up the new lib folder names for it too. But I have not tested that.

http://www.jonmccain.net/downloads/make_chroot_jail_jessie.patch

Use the command:

patch -i make_chroot_jail_jessie.patch -o make_chroot_jail_jessie.sh

to get the new script.