Security Warning SSH not CHROOTED!

Discussion in 'Installation/Configuration' started by vaio1, Mar 18, 2010.

  1. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Hi guys only now I have discovered that all the users who connect themselves by a SSH client to the server can see all the system folders!

    How is it possible? :eek: :eek:

    Is there a way to set a Jail to it? The server is in production mode!

    thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    By default, SSH accounts are never chrooted. Personally I wont give users SSH access if it is not absolutely nescessary.

    Have you patched your SSH daemon to support chrooting for ispconfig 2?
     
  3. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Hi again Till, I have followed the setup tutorial in this website and I have not found any ssh patch section. Please, can u tell me what have I do?

    thanks again
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Which Linux distribution?
     
  5. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    We have the Centos 5 installed.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

  7. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Already tested but without success. :(
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    And you created a new SSH user for testing?
     
  9. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    I have enabled a user by the ISPConfig panel. is it sufficient?
     

Share This Page