Chrooted SSH HowTo question???

This looks like the perfect "how to" for what I am needing to do. What a present Falko! Thanks!

Before using the "how to" I wanted to make sure that there would not be any conflicts with my current setup. I am setup with "The Perfect Setup--Debian Sarge" w/ISPConfig.

Do you know of any potential issues I may run into?

 

Make sure that you chroot your users to the right directory.

 

Sounds good. I think this is going to help me a lot...thanks!

 

falko,
I want to create specific users to access the respective web files. I have a website that a couple users need to access via SSH (/home/www/web5). Using the Chrooted SSH howto, it stated that he users would be jailed in /home/chroot. I don't want to provide them access to any other directories other than /home/www/web5. I am a little confused how to do this. Can you give me a little more guidance?

Thanks for any help...still a growing Linux newbie.

 

Instead of /home/chroot you can use /home/www.

 

falko, disregard the email I sent you today on the error I was getting. I fixed that.

I now have the users jailed as needed. Nice howto by the way.

The only problem is that once the user logs in, they do go to the appropriate directory (/home/www/webx/web/), but while testing it, I was able to "cd /" and go to the /home/www/webx directory adn I want to keep them in a level no lower than the web directory.

I have the bin, dev, etc, lib, and usr directories stored in /home/www/webx.

Here is what the user looks like in both passwd files (main and chroot):

Code:

testuser:x:10020:100:testuser:/home/www/web[I]x[/I]/./web:/bin/bash

Did I overlook something?

Also, I am not able to use WinSCP3 to login with the user. Have you tried using WinSCP with any success? I believe they have a bug within the application???

 

This means that /home/www/webx is the user's root directory. So by typing

Code:

cd /

he should go to /home/www/webx.

I'm not quite sure if I tested this, but I think so (maybe I should write a protocol about the things I do... ).
Did you try WinSCP in SCP or SFTP mode?

 

Okay, I just didn't want them to see those files...

I tried each mode without success. I looked on their site and it seems there is an issue with openssh, but I need to look further. The strange thing is that I can login using WinSCP fine under root. Oh well, I'll figure it out soon enough. Thanks!

 

SCP works with WinSCP3, not SFTP

Not sure why SFTP doesn't work. SCP does. I then try both protocols with a non-chroot user and both work.

Falko, is there any reason for this? Does the patch only patch ssh/scp protocols, but not otherwise help wtih SFTP?

Also, separately, would there be anyway to set up SSH with the chroot functionality but with username/password support and quota support all via a mysql database. That is, basically permit virtual users?

I am curious because I'd love to intergrate this in with the rest of the virtual user stuff for my postfix/virtual user setup.

I see you can do something like this using proftpd, but just would love to have the same functionality for ssh...

Sunil

 

I've never heard of virtual SSH users... I don't think this is possible...

 

SSH and virtual users

Too bad. Would be nice, but admittedly more icing on the cake. Could always get to what I wanted with proFTPd if I really wanted it.

Still baffled about sftp not working with the patch. I will try to look at the sources - must be a comment about this someplace.

Sunil

 

How SCP works with WinSCP3

how configure SCP protocol in linux.

Regards
Qavi

 

You only need a running SSH daemon on your server. Then you can connect to your server with WinSCP on the SSH port (usually 22).

 

Hi, I get an error below when I try to login in.

I can ssh using all but my CHROOTed users.

------------
kernel v2.86

 

Make sure that you copied /Bin/bash to the users' chroot jails.

 

Hi,

Everything's there. I get an error no matter what shell I try to use.

I wonder what is the correct path the my /home/jail/bin/bash

I have

in /etc/passwd and /home/jail/etc/passwd.

Apparently, modifying the /home/jail/etc/passwd file does nothing.

 

What's the output of

Code:

ls -la /home/jail/bin

?

 

Below's the complete list.

Code:

total 2784
drwxr-xr-x 2 root root   4096 2006-08-07 20:02 .
drwxr-xr-x 8 root jail   4096 2006-08-06 02:10 ..
-rwxr-xr-x 1 root root 664084 2006-08-07 19:46 bash
-rwxr-xr-x 1 root root  24728 2006-08-07 19:46 bunzip2
-rwxr-xr-x 1 root root  24728 2006-08-07 19:46 bzcat
-rwxr-xr-x 1 root root   2105 2006-08-07 19:46 bzcmp
-rwxr-xr-x 1 root root   2105 2006-08-07 19:46 bzdiff
-rwxr-xr-x 1 root root   4878 2006-08-07 19:46 bzexe
-rwxr-xr-x 1 root root  24728 2006-08-07 19:46 bzip2
-rwxr-xr-x 1 root root   8140 2006-08-07 19:46 bzip2recover
-rwxr-xr-x 1 root root   1297 2006-08-07 19:46 bzless
-rwxr-xr-x 1 root root   1297 2006-08-07 19:46 bzmore
-rwxr-xr-x 1 root root  32268 2006-08-07 19:46 chgrp
-rwxr-xr-x 1 root root  29480 2006-08-07 19:46 chmod
-rwxr-xr-x 1 root root  34592 2006-08-07 19:46 chown
-rwxr-xr-x 1 root root  55340 2006-08-07 19:46 cp
-rwxr-xr-x 1 root root  76520 2006-08-07 19:46 dir
-rwxr-xr-x 1 root root  14340 2006-08-07 19:46 echo
-rwxr-xr-x 1 root root  11480 2006-08-07 20:02 false
-rwxr-xr-x 1 root root   5248 2006-08-07 19:46 fgconsole
-rwxr-xr-x 1 root root  51840 2006-08-07 19:46 gunzip
-rwxr-xr-x 1 root root   4870 2006-08-07 19:46 gzexe
-rwxr-xr-x 1 root root  51840 2006-08-07 19:46 gzip
-rwxr-xr-x 1 root root  76520 2006-08-07 19:46 ls
-rwxr-xr-x 1 root root  22156 2006-08-07 19:46 mkdir
-rwxr-xr-x 1 root root   5668 2006-08-07 19:46 mktemp
-rwxr-xr-x 1 root root  61436 2006-08-07 19:46 mv
-rwxr-xr-x 1 root root 129792 2006-08-07 19:46 nano
-rwxr-xr-x 1 root root 664084 2006-08-07 19:46 rbash
-rwxr-xr-x 1 root root  32304 2006-08-07 19:46 rm
-rwxr-xr-x 1 root root  13092 2006-08-07 19:46 rmdir
-rwxr-xr-x 1 root root 129792 2006-08-07 19:46 rnano
-rwxr-xr-x 1 root root  13884 2006-08-07 19:46 sleep
-rwxr-xr-x 1 root root 188788 2006-08-07 19:46 tar
-rwxr-xr-x 1 root root   6112 2006-08-07 19:46 tempfile
-rwxr-xr-x 1 root root  32676 2006-08-07 19:46 touch
-rwxr-xr-x 1 root root  51840 2006-08-07 19:46 uncompress
-rwxr-xr-x 1 root root  76520 2006-08-07 19:46 vdir
-rwxr-xr-x 1 root root    884 2006-08-07 19:46 which
-rwxr-xr-x 1 root root  51840 2006-08-07 19:46 zcat
-rwxr-xr-x 1 root root   1974 2006-08-07 19:46 zcmp
-rwxr-xr-x 1 root root   1974 2006-08-07 19:46 zdiff
-rwxr-xr-x 1 root root   1525 2006-08-07 19:46 zforce
-rwxr-xr-x 1 root root    103 2006-08-07 19:46 zless
-rwxr-xr-x 1 root root   3518 2006-08-07 19:46 znew

Below's the error I get. It doesn't matter which host I try to reach.

Code:

Last login: Wed Aug  9 12:54:44 2006 from localhost
/bin/bash: No such file or directory
Connection to 127.0.0.1 closed.

Thanks for the speedy replies.

 

Hm... And what's the output of

Code:

ls -la /home/jail

and

Code:

ls -la /home/jail/home/mike

?

 

/home/jail

Code:

total 32
drwxr-xr-x 8 root jail 4096 2006-08-06 02:10 .
drwxr-xr-x 5 root root 4096 2006-08-09 01:44 ..
drwxr-xr-x 2 root root 4096 2006-08-07 20:02 bin
drwxr-xr-x 2 root bin  4096 2006-08-06 02:12 dev
drwxr-xr-x 2 root bin  4096 2006-08-09 12:53 etc
drwxr-xr-x 3 root bin  4096 2006-08-07 19:05 home
drwxr-xr-x 3 root bin  4096 2006-08-07 18:58 lib
drwxr-xr-x 4 root bin  4096 2006-08-06 02:13 usr

/home/jail/home/mike

Code:

total 24
drwxr-xr-x 2 root bin 4096 2006-08-07 19:36 .
drwxr-xr-x 3 root bin 4096 2006-08-07 19:05 ..
-rw------- 1 root bin   83 2006-08-07 20:05 .bash_history
-rw-r--r-- 1 root bin  220 2006-08-07 19:05 .bash_logout
-rw-r--r-- 1 root bin  414 2006-08-07 19:05 .bash_profile
-rw-r--r-- 1 root bin 2227 2006-08-07 19:05 .bashrc
lrwxrwxrwx 1 root bin   26 2006-08-07 19:05 Examples -> /usr/share/example-content

So you see bash is there, and that /home/jail/home/mike is indeed set as a user account folder. That's really weird...