Hi all, I was just wondering if anyone has got chrooted shells working with ispconfig on centos 4.4. I can't seem to get it going. I've followed the guide at http://www.howtoforge.com/chrooted_ssh_howto_debian but when I login as testuser I can see everything on the server. When I run pwd it reports:
Code:
/home/chroot/./home/testuser
The same occurs when I login as a new ispconfig site user. Any suggestions?
I did set the setting in config.inc.php to = 1 and I created multiple new users both on the command line and via ispconfig. So I didn't try updating other users. I don't know if it's related but I just found that on the site that I added the new user via ispconfig, the other users were unable to retrieve their email via pop3. They could send but not receive. I checked the maillog and found the following:
Code:
pop3-login: Internal login failure: domain.com.au.username
dovecot: chroot directory no included in valid_chroot_dirs: /var/www/web1/user/domain.com.au.username
Is this happening because I didn't run the update script over the user?
For a user like root that hasn't been chrooted I have
Code:
root:x:0:0:root:/root:/bin/bash
and for a test user that I've tried to chroot I have
Code:
domain.com.au.test:x:10055:10001:test:/var/www/web1/user/domain.com.au.test/./:/bin/bash
From what I've read, the /./ is what is required? I'm trying to recompile the openssl file again, in case something went wrong.
I just did a recompile with a slightly different ./configure and I seem to be getting a little further. When I restarted the sshd I got an error about the GSSAPIAuthentication setting in the sshd_config file. This is something that ctroyp was getting at. I commented out the GSSAPIAuthentication yes line as you suggested falko and sshd restarted ok.

I next tried logging in as the testuser that I created in the http://www.howtoforge.com/chrooted_ssh_howto_debian_p2 . When I do this (via putty) the window shuts down without an error. Previously I could login and get out of the home dir, but now I can't login at all. I next created a user via ispconfig but when I tried logging in with putty the window shuts straight away. Previously I could login and get out of the chrooted home dir.

Additionally any users on the same domain that I created the test user on are getting the following error when they try to retrieve their mail via pop3.
Code:
dovecot: chroot directory no included in valid_chroot_dirs: /var/www/web1
pop3-login: Internal login failure: domain.com.au.username
All other users on other domains are getting their mail, just not these two. Incidentally these two users are on the same domain as the test user I created above. If I set the $go_info["server"]["ssh_chroot"] setting back to 0 and make a change to one of the users on this domain, the mail starts working. So I think I'm a little closer to the problem. Any ideas?
I think the problem is that you chroot your user to /var/www/web1/user/domain.com.au.test/./, and in that directory dovecot is looking for /var/www/web1 (which expands to /var/www/web1/user/domain.com.au.test/var/www/web1).
Thanks falko. Any ideas how to stop this? Is it a change in a shell setting or a dovecot setting?
Cheers, Benjamin
I set it up exactly as the howto http://www.howtoforge.com/chrooted_ssh_howto_debian said to. Is there something extra to do? While the error with dovecot is a pain, most importantly I can't get the user to stay jailed. This is the main problem, when I fix this maybe the dovecot part will also work. I've looked in the sshd_config file but I can't see any relevant settings. Any other ideas?
But I use /home/chroot as the chroot directory, and then I copy all needed files/directories to that directory.
I also do this. I've set up the chroot to be /home/chroot and then I've copied all the files like bash, ls, etc into the appropriate dirs in the /home/chroot/ . I've used ldd to make sure that the correct so's are in the /home/chroot dir. I might add that this is running on an amd opteron system with centos 64 bit version. Are there any issues with this?
But why do you use /var/www/web1/user/domain.com.au.test/./ as the chroot directory for that user? Should rather be /home/chroot/./var/www/web1/user/domain.com.au.test.
I can see what you're saying, that the home dir should be /home/chroot./var/www/web1/user/domain.com.au.test, but I've never set or changed this, it's just how it has always worked. Is there somewhere this can be changed? Is it a setting somewhere? When I create a user via ispconfig this is what it adds to the password file, so is there a setting in ispconfig so it will create the home dir as /home/chroot./var/www/web1/user/domain.com.au.test?
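
Added example (not part of any post in this thread, and not ISPConfig or howto code): a Python check that reads passwd entries, splits the home directory at the /./ marker discussed above, and flags users whose chroot part is not the jail root. The sample entries are constructed from the ones quoted in the thread (the testuser uid is made up); expected_jail, the valid_chroot_dirs value and the prefix rule used to match it are assumptions.

```python
# Added example: audit passwd home directories for the "/./" chroot marker.
MARK = "/./"

# Constructed sample, based on the entries quoted in the thread.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
domain.com.au.test:x:10055:10001:test:/var/www/web1/user/domain.com.au.test/./:/bin/bash
testuser:x:10056:10001:test:/home/chroot/./home/testuser:/bin/bash
"""


def split_home(home):
    """Split a passwd home field into (chroot_dir, path_inside_jail).

    chroot_dir is None when the field carries no "/./" marker.
    """
    if MARK not in home:
        return None, home
    jail, _, inside = home.partition(MARK)
    return jail.rstrip("/") or "/", "/" + inside.strip("/")


def under_any(path, dirs):
    """True if path equals, or lies below, one of dirs (assumed prefix rule)."""
    return any(path == d or path.startswith(d.rstrip("/") + "/") for d in dirs)


def audit(passwd_text, expected_jail="/home/chroot", valid_chroot_dirs="/home/chroot"):
    """Return one (user, chroot_dir, inside, status, mail_chroot_allowed) per entry."""
    allowed = [d for d in valid_chroot_dirs.split(":") if d]
    rows = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:          # skip blank or malformed lines
            continue
        user, home = fields[0], fields[5]
        jail, inside = split_home(home)
        if jail is None:
            status, mail_ok = "not-chrooted", True
        else:
            status = "ok" if jail == expected_jail else "wrong-jail"
            mail_ok = under_any(jail, allowed)
        rows.append((user, jail, inside, status, mail_ok))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE_PASSWD):
        print(row)
```

On the sample, the ISPConfig-style entry is reported as wrong-jail with the mail chroot not allowed, while the /home/chroot/./home/testuser form passes both checks.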