Chrooted SSH HowTo question???

now here is a related "answer" to this topic

after having successfully installed ruby on rails according to the howto from howtoforge, I wanted to make it available to chrooted users, here are my modifications of the create_chroot_env.sh script:

keep in mind that these are only things you have to add to your config, not the entire config. If someone can show me errors or redundancies, I mean maybe one can simplify those commands above, please do so.

For me

can be executed by chrooted users.

 

here is another problem with the chroot howto, I stumbled upon...
I successfully added perl and sa-learn to the list of apps and I was able to learn my spam and ham with the commandline but now I can't access my Maildir any longer.

as root here is the result:

which seems ok to me, did I do something wrong? I have no clue what I might have changed in the meantime, I am sure it used to work... can someone help me?

 

What's the exact error message?

 

oops, not a very complete explanation on my side:

I hope this gives you a complete picture of the problem.

 

The problem is that the symlink uses an absolute path, and /var/www/web1 doesn't exist in the chroot jail.
You can recreate the symlink with a relative path:

Code:

rm -f Maildir
ln -s user/web1_postmaster/Maildir Maildir

 

ok but the symlinks are created systemwide, I do not know if by Debian or by the installation of ispconfig.. do you have a clue where they are created as I would like to have the Maildir available for all users...

 

The symlinks are created by ISPConfig, it's in the file /root/ispconfig/scripts/lib/classes/ispconfig_procmail.lib.php. There must be a line like this one:

Code:

$mod->log->phpcaselog(@symlink($web_path."/user/".$user_username."/Maildir", $web_path."/Maildir"), "symlink ".$web_path."/Maildir", $this->FILE, __LINE__);

that you must change.

 

Hey Guys,

chroot sshd runs fine for us. (dapper drake)

but we had a seriously error until we run an "psybnc with an ssl-connection to an ircd":
Cannot create SSL-Connection for Socket 7(1) (CONNECT)

This appears in a flood at the psyBNC statuswindow ... and after a few seconds psybnc kills himself.
if we connect psybnc to a "normal" non-ssl server, all works fine.
we have put complete /usr, /lib + /usr/lib to /home/chroot/* .

thanx in advance for any advise

 

I think you must put the socket into the chroot jail.

 

how can i do this?

 

Tell psybnc to use a socket that's in the chroot jail. You might also have to create a symlink to make the socket work inside and outside the chroot jail.

 

thats a nice idea but ... how can i do this?
in psybnc i can setup ssl path. it is /usr/local/ssl currently.
making a symlink is also a fine idea. but where should it start and where should it end?

thanks for advice.

 

Where's the socket located currently?

 

chroot does not work

Hi and thanks for the guides Falko.

I cant get the chroot patch to work although I followed your guide. Im running debian sarge/sid mix. Only difference between your installation process is that I choosed the chroot patch that matches my openssh version, and I assume this is the correct thing to do?
I did create all the dirs, copied all the files and changed the passwd entries.
Restarted my sshd after each change I did. also tried the suggested pam entries to be used with the patch (openssh-3.8.1p1-chroot/contrib/sshd.pam.generic).

no result:
test@w00t:~$ pwd
/home/chroot/./home/test

passwd entry in both passwd files:
test:x:1005:1005:,,,:/home/chroot/./home/test:/bin/bash

ls -l /home/chroot/
drwxr-sr-x 2 root staff 1024 Oct 14 17:47 bin
drwxr-sr-x 2 root staff 1024 Oct 14 17:43 dev
drwxr-sr-x 2 root staff 1024 Oct 14 17:50 etc
drwxr-sr-x 3 root staff 1024 Oct 14 17:51 home
drwxr-sr-x 3 root staff 1024 Oct 14 17:49 lib
drwxr-sr-x 5 root staff 1024 Oct 14 17:47 usr

versions:
SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4, openssh-3.8.1p1-chroot.

Any clue?

 

Hhow can i check where my socket is running?
I dont know anything about ssl-socks

Thanks falko for your endurance.

 

Can you open a new thread for this? Otherwise this one will become too confusing...

 

Isn't there a configuration file for psybnc? Or an init script? I think that the socket is specified in one of them.

 

from configfile (psybnc):
/* The Path to SSL */
#define SSLPATH "/usr/local/ssl/"

i dont have this folder and i dont know where i can find the SSLPATH for my ubuntu system.
ssl is installed, running psybnc out of chroot works fine.

 

This doesn't tell anything about the sock file.
What's the output of

Code:

updatedb
locate sock

when psybnc is running?

 

http://www.ubuntuusers.de/paste/4374/

ive cutted all the psybnc outputs/path's, there are the same as line 1-9