chrooted SSH + Debian Etch

Discussion in 'Installation/Configuration' started by LeoLinux, Aug 12, 2007.

  1. LeoLinux

    LeoLinux New Member

    Hi,

    Does anybody have an idea how to chroot SSH in Debian Etch 4.0?
    I know this howto here: http://howtoforge.com/chrooted_ssh_howto_debian
    but it's sadly only for Debian Sarge ... and the scripts won't work for Etch ;-/



    Thanks


    Leander
     
  2. thanis

    thanis New Member

    Hi, were you able to install all necessary packages with apt-get (newer ssl is openssl-0.9.8 I believe)? And if so, did you get any error output when running the script?

    Except for Falko's "incredimail" script, all the rest are basic linux/shell commands.

    Kind regards,
    Thanis
     
  3. LeoLinux

    LeoLinux New Member

    ????? What are you talking about ??? Do you mean if I got openssl-0.9.8 ready for a jailed user?

    I am not even able to jail anybody, because the script of Falko is only for Sarge users.


    But, I found something ....

    http://howtoforge.com/forums/attachment.php?attachmentid=402&d=1175003548

    BUT I don't really understand how to use it .... I don't know if I still have to install software as Falko's howto describes ... like 1 Install The Newest Zlib Version, or 2 Install The Chrooted SSH and so on ...

    It would be helpful if somebody can give me some ideas how to go on.

    Thank you very much!


    Leander

    :)
     
  4. falko

    falko Super Moderator ISPConfig Developer

    I haven't tried this on Etch, but I'll try to write a tutorial about it. :)
     
  5. thanis

    thanis New Member

    The tutorial is fine actually, it only needs a VERY small bit of tweaking for it to work on Debian Etch:

    1. Don't do the zlib install!
    2.
    Code:
    apt-get install libpam0g-dev openssl libcrypto++-dev libssl0.9.8 libssl-dev ssh zlib1g zlib1g-dev zlibc build-essential
    3. Then just follow the tutorial (the script is not actually important). But what falko forgot to mention is that you need to copy the "script" contents to a file (e.g.: /home/chroot/chroot.sh) and then run that script:
    Code:
    chmod +x /home/chroot/chroot.sh
    /home/chroot/chroot.sh
    Then follow the rest of the tutorial.

    Like I said, it's just a question of updating your apt packages to etch level!

    GRtz,
    Thanis
     
  6. LeoLinux

    LeoLinux New Member

    Hi,

    thank you for your helpful response - but I seem too stupid for it ;-)

    just step by step:


    1. Don't install the zlib

    2. Install The Chrooted SSH ? What about that? Should I do this step?

    3. Create The Chroot Environment ? What about that? Should I do this step exactly how it's described in the Howto?

    What about the part with the script? Should I skip executing his script?

    What about the steps written under the script part ... like
    Should I go on from there until step 4 ?


    And _what_ script are you talking about ... the script I linked up in this thread or the one from Falko's howto?

    Sorry for those stupid questions .. - I just want to make sure before I kill my installation again ;-)


    Regards,

    Leander
     
  7. thanis

    thanis New Member

    Well ... all answers are positive to your questions.
    Yes, install the chrooted SSH (download from sourceforge).
    Yes, execute the script (use the one you mentioned, it's better than in the tutorial :) )
    Yes, copy the files.
    Yes, keep following the tutorial until the end.
    No, never use root as your chrooted user :p

    Grtz,
    Thanis
     
  8. LeoLinux

    LeoLinux New Member

    hmm thanks .... but the script which I mentioned didn't work ;-( nearly every command ended in a mess .. ... and those mysql paths aren't there ...

    and I'm still not sure if I should do step
    Code:
    mkdir /home/chroot/
    mkdir /home/chroot/home/
    cd /home/chroot
    mkdir etc
    mkdir bin
    mkdir lib
    mkdir usr
    mkdir usr/bin
    mkdir dev
    mknod dev/null c 1 3
    mknod dev/zero c 1 5
    before I execute either of those two scripts or not?!


    Thank you very much

    ;-)

    Leander
     
  9. LeoLinux

    LeoLinux New Member

    Hi,

    Does nobody have an idea, or any good howto?

    How far is Falko with his new howto for Etch? ;-)


    Leander
     
  10. falko

    falko Super Moderator ISPConfig Developer

    I haven't started yet - so many other things to do... But it's on my list. :)
     
  11. LeoLinux

    LeoLinux New Member

    I don't want to push you Falko ;-) but when do you guess you're able to publish a howto? I'm kind of lost without that ;-/

    Thank you very much


    Leander
     
  12. lauer

    lauer New Member

    I got it to work

    Hello
    I have just followed the guide on a Debian Etch AMD64, and the only problem I had was an error that /bin/bash could not be found.
    A quick search on Google gave me the result that a lib file was missing.
    `ldd /bin/bash`
    shows what files the program needs. And the guide didn't say anything about
    /lib64/ld-linux-x86-64.so.2
    After adding this to the chroot, it works without problems.
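
The `ldd` step described in the post above, automated as an added example (not part of the original post or the howto): it copies a program and every file `ldd` lists, including the bare loader line that has no `=>`, into the jail. The function names and the sample `ldd` output are constructed for illustration; `/home/chroot` is the jail path used in this thread.

```shell
#!/bin/sh
# Added example: copy a program plus every shared object ldd reports into a
# chroot, keeping the original directory layout.

# Print each absolute library path found in ldd output read from stdin.
# Handles both line shapes:
#   libc.so.6 => /lib/libc.so.6 (0x...)    -> third field
#   /lib64/ld-linux-x86-64.so.2 (0x...)    -> first field (the dynamic loader)
# Entries without a file path (linux-vdso, "not found") are skipped.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }'
}

# Copy one file to the same path below the jail root. -L follows symlinks so
# the jail receives a real file rather than a link to a missing target.
copy_into_jail() {
    jail=$1 src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -Lp "$src" "$jail$src"
}

# Copy a program and all of its ldd dependencies into the jail.
jail_program() {
    jail=$1 prog=$2
    copy_into_jail "$jail" "$prog" || return 1
    ldd "$prog" | ldd_paths | while read -r lib; do
        copy_into_jail "$jail" "$lib" || exit 1
    done
}

# Constructed sample of `ldd /bin/bash` output on an amd64 system.
SAMPLE_LDD='    linux-vdso.so.1 =>  (0x00007fff5a1fe000)
    libncurses.so.5 => /lib/libncurses.so.5 (0x00002b3c1e4d2000)
    libdl.so.2 => /lib/libdl.so.2 (0x00002b3c1e72e000)
    libc.so.6 => /lib/libc.so.6 (0x00002b3c1e932000)
    /lib64/ld-linux-x86-64.so.2 (0x00002b3c1e2b5000)'

# Usage (as root): jail_program /home/chroot /bin/bash
```
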
     
  13. LeoLinux

    LeoLinux New Member

    Hi,

    Thanks for your response. Can you tell me where you found this tutorial, or do you have a link?


    Leander
     
  14. lauer

    lauer New Member

    I use the same tutorial as you.

    I only have some problems with sftp, where the connection is closed after the password is supplied. But ssh to the chroot works fine.
     
  15. LeoLinux

    LeoLinux New Member

    Ok - I did it ...

    Hi again ...

    ok ... , I did it .. and it seems to work ... the users are jailed ... BUT .. if I type as root
    Code:
    ssh -l user 10.1.10.1
    the following error appears:

    Code:
    /etc/ssh/ssh_config line 45: Unsupported option "GSSAPIAuthentication"
    /etc/ssh/ssh_config line 46: Unsupported option "GSSAPIDelegateCredentials"
    
    but the connection goes on ... it seems as if I could ignore it ... but why does that show up?? Should I have compiled those options with the ssh chroot patch before?? Or should I simply just comment those lines out ;-) ?


    Leander
     
  16. 8c2gon

    8c2gon New Member

    sftp

    Thanks for all of the tips on this folks - I have also just managed to get to the stage that LeoLinux is at.

    I can't figure out how to get sFTP working tho - know it's not a "real" protocol, I have tried copying over a few things but am getting the message..

    sftp [email protected]
    Request for subsystem 'sftp' failed on channel 0
    Couldn't read packet: Connection reset by peer.

    Can anyone tell me what I need to do?

    Thanks in advance..
     
  17. falko

    falko Super Moderator ISPConfig Developer

    Any errors in your logs?
     
  18. 8c2gon

    8c2gon New Member

    Logs

    Thanks for reply Falko,

    I don't seem to have a log file for SSH - I don't have a file \var\log\secure - should this have been setup automatically or is it something that I should have done? I'm a noob at this stuff, please excuse my ignorance.

    I can log in fine with a user that is not jailed, so at a guess I need to add something else to the chroot environment, just not too sure.
     
  19. falko

    falko Super Moderator ISPConfig Developer

    Take a look at /var/log/auth.log.
     
  20. 8c2gon

    8c2gon New Member

    Got it

    Thanks Falko again for the response. The auth log wasn't showing me anything, it was showing all the authentications as accepted. I actually managed to find this out today, If anyone is interested this is what I had to do.

    Replace this line in the sshd_config file:

    Subsystem sftp /usr/lib/openssh/sftp-server

    With this line:

    Subsystem sftp /usr/lib/sftp-server

    that got rid of the subsystem error. And I got connected okay.

    Thanks to one and all!

    8c2
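
A check for the mismatch fixed in the post above, as an added example that is not part of the thread: it reads the `Subsystem sftp` path from an sshd_config file and tests whether an executable exists at that path under a chosen root. The function names are hypothetical, and passing the jail directory as the root assumes the patched sshd starts the subsystem after entering the chroot.

```shell
#!/bin/sh
# Added example: verify that the sftp subsystem named in sshd_config exists
# under a given root directory.

# Print the program path of the first active "Subsystem sftp" line.
# sshd_config keywords are case-insensitive; commented-out lines do not match
# because their first field starts with '#'.
sftp_subsystem_path() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1"
}

# Succeed only if that path is an executable regular file below the root.
#   $1 = sshd_config file
#   $2 = root prefix: "" for the host, or the jail directory (assumption: the
#        subsystem is started inside the jail for chrooted users)
# Returns 0 if present, 1 if missing, 2 if no sftp subsystem is configured.
subsystem_present() {
    config=$1 root=$2
    path=$(sftp_subsystem_path "$config")
    [ -n "$path" ] || { echo "no sftp subsystem configured" >&2; return 2; }
    if [ -f "$root$path" ] && [ -x "$root$path" ]; then
        echo "ok: $root$path"
    else
        echo "missing: $root$path" >&2
        return 1
    fi
}

# Usage: subsystem_present /etc/ssh/sshd_config /home/chroot
```
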
     
