Chrooted SSH HowTo question???

Discussion in 'HOWTO-Related Questions' started by ctroyp, Jan 19, 2006.

  1. falko

    falko Super Moderator ISPConfig Developer

    I'm not sure if the socket is in that output. Maybe it doesn't have the string "socket" in its name...
    Anyway, let's assume the socket was /tmp/example.sock. Then you can chroot it like this:

    Stop psybnc, then create a symbolic link:
    Code:
    ln -s /home/chroot/tmp/example.sock /tmp/example.sock 
    Then start psybnc. Now psybnc should work inside and outside the chroot jail.
     
  2. Kanedo

    Kanedo New Member

    I've fixed "/bin/bash: No such file or directory" on my CentOS 4.4 distro.

    I had this same error "/bin/bash: No such file or dirctory" that many others on getting on this thread. The actual reason for this error isn't that /bin/bash is missing in your chrooted directory. It's a library dependency that /bin/bash is missing. Using the script in the how-to didn't resolve to copy all of the dependent libraries needed by /bin/bash to your chrooted directory. To find out which ones are missing, you start by doing a 'ldd /bin/bash';
    Code:
    > ldd /bin/bash
         libtermcap.so.2 => /lib/libtermcap.so.2
         libdl.so.2 => /lib/libdl.so.2
         libc.so.6 => /lib/tls/libc.so.6
         /lib/ld-linux.so.2
    then you go down that list and see if they're in you chrooted dir.

    Code:
    > ls /home/chroot/lib/libtermcap.so.2
    /home/chroot/lib/libtermcap.so.2
    
    > ls /home/chroot/lib/libdl.so.2
    /home/chroot/lib/libdl.so.2
    
    > ls /home/chroot/lib/tls/libc.so.6
    /home/chroot/lib/tls/libc.so.6
    
    > ls /home/chroot/lib/lib/ld-linux.so.2
    ls: /home/chroot/lib/lib/ld-linux.so.2: No such file or directory

    As it turned out, I was missing "/lib/ld-linux.so.2" in my chrooted directory. Copying that to my chrooted dir fixed my problem. I've only tested this on a CentOS 4.4 installation, but this might work for others as well.

    I hope this solves your problem
     
    Last edited: Jan 28, 2007
  3. Ovidiu

    Ovidiu Active Member

    still having some issues regarding ruby and gem, here is what I am trying to do:

    I want to allow the client to install a new gem - besides the fact that it does not work, would this be safe? If so, how can I allow this and get rid of the Permission denied error?

    ###edit###
    partially solved this. as far as I found out, every page I found was only stating that imagemagick6 was required, but after instaling imagemagick6-dev gem install rmagick worked too :)
     
    Last edited: Feb 7, 2007
  4. pootle

    pootle New Member


    I confirm this is the same problem on suse 10.2 my friend has been helping me set this up and I too ended up with /bin/bash errors. When we copied the /lib/ld-linux.so.2 file over it worked, it wasn't until we came back here we found this post :)!

    So What script to we need to edit/patch to make sure this is copied over everytime a new user is created. I'd also like to add the bash.rc file as well so it looks nicer when logged in. I'm new to ISPConfig so I don't know which files need hacking up.

    THanks pootle.
     
    Last edited: Feb 24, 2007
  5. pootle

    pootle New Member

    its ok i've found it..

    its under ispconfig/scripts/shell/create_chroot_env.sh

    so I can edit what I want in there.

    I'm going to look if its possible to set up SCP and SFTP now to transfer data to the domains rather than use FTP as it gives the encryption security.

    Is it worth doing this or do people believe proftp is secure enough?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Most poeple prefer to use FTP because tools like dreamweaver does not support SCP. Also you can enable proftpd to use TLS which secures the connection with SSL.
     
  7. pootle

    pootle New Member

    Ah I didn't know you could secure proftpd :( is there any tutorials on here that explain how to do that for ISPConfig using the certificates that have been generated.

    I've got SFTP working under chroot jail now but it looks like that might be point less if i have proftpd running with the certificate.

    Thanks for you reply till.
     

Share This Page