Chrooted SSH HowTo question???

Discussion in 'HOWTO-Related Questions' started by ctroyp, Jan 19, 2006.

  1. ctroyp

    ctroyp New Member HowtoForge Supporter

    This looks like the perfect "how to" for what I am needing to do. What a present Falko! Thanks!

    Before using the "how to" I wanted to make sure that there would not be any conflicts with my current setup. I am setup with "The Perfect Setup--Debian Sarge" w/ISPConfig.

    Do you know of any potential issues I may run into?
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Make sure that you chroot your users to the right directory.
     
  3. ctroyp

    ctroyp New Member HowtoForge Supporter

    Sounds good. I think this is going to help me a lot...thanks!
     
  4. ctroyp

    ctroyp New Member HowtoForge Supporter

    falko,
    I want to create specific users to access the respective web files. I have a website that a couple users need to access via SSH (/home/www/web5). Using the Chrooted SSH howto, it stated that he users would be jailed in /home/chroot. I don't want to provide them access to any other directories other than /home/www/web5. I am a little confused how to do this. Can you give me a little more guidance?

    Thanks for any help...still a growing Linux newbie. :rolleyes:
     
  5. falko

    falko Super Moderator Howtoforge Staff

    Instead of /home/chroot you can use /home/www.
     
  6. ctroyp

    ctroyp New Member HowtoForge Supporter

    falko, disregard the email I sent you today on the error I was getting. I fixed that.

    I now have the users jailed as needed. Nice howto by the way.

    The only problem is that once the user logs in, they do go to the appropriate directory (/home/www/webx/web/), but while testing it, I was able to "cd /" and go to the /home/www/webx directory adn I want to keep them in a level no lower than the web directory.

    I have the bin, dev, etc, lib, and usr directories stored in /home/www/webx.

    Here is what the user looks like in both passwd files (main and chroot):
    Code:
    testuser:x:10020:100:testuser:/home/www/web[I]x[/I]/./web:/bin/bash
    Did I overlook something?

    Also, I am not able to use WinSCP3 to login with the user. Have you tried using WinSCP with any success? I believe they have a bug within the application???
     
  7. falko

    falko Super Moderator Howtoforge Staff

    This means that /home/www/webx is the user's root directory. So by typing
    Code:
    cd /
    he should go to /home/www/webx.

    I'm not quite sure if I tested this, but I think so (maybe I should write a protocol about the things I do... :D ).
    Did you try WinSCP in SCP or SFTP mode?
     
  8. ctroyp

    ctroyp New Member HowtoForge Supporter

    Okay, I just didn't want them to see those files...

    I tried each mode without success. I looked on their site and it seems there is an issue with openssh, but I need to look further. The strange thing is that I can login using WinSCP fine under root. Oh well, I'll figure it out soon enough. Thanks!
     
  9. savkar

    savkar New Member

    SCP works with WinSCP3, not SFTP

    Not sure why SFTP doesn't work. SCP does. I then try both protocols with a non-chroot user and both work.

    Falko, is there any reason for this? Does the patch only patch ssh/scp protocols, but not otherwise help wtih SFTP?

    Also, separately, would there be anyway to set up SSH with the chroot functionality but with username/password support and quota support all via a mysql database. That is, basically permit virtual users?

    I am curious because I'd love to intergrate this in with the rest of the virtual user stuff for my postfix/virtual user setup.

    I see you can do something like this using proftpd, but just would love to have the same functionality for ssh...

    Sunil
     
  10. falko

    falko Super Moderator Howtoforge Staff

    I've never heard of virtual SSH users... I don't think this is possible...
     
  11. savkar

    savkar New Member

    SSH and virtual users

    Too bad. Would be nice, but admittedly more icing on the cake. Could always get to what I wanted with proFTPd if I really wanted it.

    Still baffled about sftp not working with the patch. I will try to look at the sources - must be a comment about this someplace.

    Sunil
     
  12. zaqavis

    zaqavis New Member

    How SCP works with WinSCP3

    how configure SCP protocol in linux.

    Regards
    Qavi
     
  13. falko

    falko Super Moderator Howtoforge Staff

    You only need a running SSH daemon on your server. Then you can connect to your server with WinSCP on the SSH port (usually 22).
     
  14. Soap_Dude

    Soap_Dude New Member

    Hi, I get an error below when I try to login in.

    I can ssh using all but my CHROOTed users.

    ------------
    kernel v2.86
     
  15. falko

    falko Super Moderator Howtoforge Staff

    Make sure that you copied /Bin/bash to the users' chroot jails.
     
  16. Soap_Dude

    Soap_Dude New Member

    Hi,

    Everything's there. I get an error no matter what shell I try to use.

    I wonder what is the correct path the my /home/jail/bin/bash

    I have
    in /etc/passwd and /home/jail/etc/passwd.

    Apparently, modifying the /home/jail/etc/passwd file does nothing.
     
    Last edited: Aug 9, 2006
  17. falko

    falko Super Moderator Howtoforge Staff

    What's the output of
    Code:
    ls -la /home/jail/bin
    ?
     
  18. Soap_Dude

    Soap_Dude New Member

    Below's the complete list.

    Code:
    total 2784
    drwxr-xr-x 2 root root   4096 2006-08-07 20:02 .
    drwxr-xr-x 8 root jail   4096 2006-08-06 02:10 ..
    -rwxr-xr-x 1 root root 664084 2006-08-07 19:46 bash
    -rwxr-xr-x 1 root root  24728 2006-08-07 19:46 bunzip2
    -rwxr-xr-x 1 root root  24728 2006-08-07 19:46 bzcat
    -rwxr-xr-x 1 root root   2105 2006-08-07 19:46 bzcmp
    -rwxr-xr-x 1 root root   2105 2006-08-07 19:46 bzdiff
    -rwxr-xr-x 1 root root   4878 2006-08-07 19:46 bzexe
    -rwxr-xr-x 1 root root  24728 2006-08-07 19:46 bzip2
    -rwxr-xr-x 1 root root   8140 2006-08-07 19:46 bzip2recover
    -rwxr-xr-x 1 root root   1297 2006-08-07 19:46 bzless
    -rwxr-xr-x 1 root root   1297 2006-08-07 19:46 bzmore
    -rwxr-xr-x 1 root root  32268 2006-08-07 19:46 chgrp
    -rwxr-xr-x 1 root root  29480 2006-08-07 19:46 chmod
    -rwxr-xr-x 1 root root  34592 2006-08-07 19:46 chown
    -rwxr-xr-x 1 root root  55340 2006-08-07 19:46 cp
    -rwxr-xr-x 1 root root  76520 2006-08-07 19:46 dir
    -rwxr-xr-x 1 root root  14340 2006-08-07 19:46 echo
    -rwxr-xr-x 1 root root  11480 2006-08-07 20:02 false
    -rwxr-xr-x 1 root root   5248 2006-08-07 19:46 fgconsole
    -rwxr-xr-x 1 root root  51840 2006-08-07 19:46 gunzip
    -rwxr-xr-x 1 root root   4870 2006-08-07 19:46 gzexe
    -rwxr-xr-x 1 root root  51840 2006-08-07 19:46 gzip
    -rwxr-xr-x 1 root root  76520 2006-08-07 19:46 ls
    -rwxr-xr-x 1 root root  22156 2006-08-07 19:46 mkdir
    -rwxr-xr-x 1 root root   5668 2006-08-07 19:46 mktemp
    -rwxr-xr-x 1 root root  61436 2006-08-07 19:46 mv
    -rwxr-xr-x 1 root root 129792 2006-08-07 19:46 nano
    -rwxr-xr-x 1 root root 664084 2006-08-07 19:46 rbash
    -rwxr-xr-x 1 root root  32304 2006-08-07 19:46 rm
    -rwxr-xr-x 1 root root  13092 2006-08-07 19:46 rmdir
    -rwxr-xr-x 1 root root 129792 2006-08-07 19:46 rnano
    -rwxr-xr-x 1 root root  13884 2006-08-07 19:46 sleep
    -rwxr-xr-x 1 root root 188788 2006-08-07 19:46 tar
    -rwxr-xr-x 1 root root   6112 2006-08-07 19:46 tempfile
    -rwxr-xr-x 1 root root  32676 2006-08-07 19:46 touch
    -rwxr-xr-x 1 root root  51840 2006-08-07 19:46 uncompress
    -rwxr-xr-x 1 root root  76520 2006-08-07 19:46 vdir
    -rwxr-xr-x 1 root root    884 2006-08-07 19:46 which
    -rwxr-xr-x 1 root root  51840 2006-08-07 19:46 zcat
    -rwxr-xr-x 1 root root   1974 2006-08-07 19:46 zcmp
    -rwxr-xr-x 1 root root   1974 2006-08-07 19:46 zdiff
    -rwxr-xr-x 1 root root   1525 2006-08-07 19:46 zforce
    -rwxr-xr-x 1 root root    103 2006-08-07 19:46 zless
    -rwxr-xr-x 1 root root   3518 2006-08-07 19:46 znew
    
    Below's the error I get. It doesn't matter which host I try to reach.
    Code:
    Last login: Wed Aug  9 12:54:44 2006 from localhost
    /bin/bash: No such file or directory
    Connection to 127.0.0.1 closed.
    
    Thanks for the speedy replies.
     
  19. falko

    falko Super Moderator Howtoforge Staff

    Hm... And what's the output of
    Code:
    ls -la /home/jail
    and
    Code:
    ls -la /home/jail/home/mike
    ?
     
  20. Soap_Dude

    Soap_Dude New Member

    /home/jail
    Code:
    total 32
    drwxr-xr-x 8 root jail 4096 2006-08-06 02:10 .
    drwxr-xr-x 5 root root 4096 2006-08-09 01:44 ..
    drwxr-xr-x 2 root root 4096 2006-08-07 20:02 bin
    drwxr-xr-x 2 root bin  4096 2006-08-06 02:12 dev
    drwxr-xr-x 2 root bin  4096 2006-08-09 12:53 etc
    drwxr-xr-x 3 root bin  4096 2006-08-07 19:05 home
    drwxr-xr-x 3 root bin  4096 2006-08-07 18:58 lib
    drwxr-xr-x 4 root bin  4096 2006-08-06 02:13 usr
    

    /home/jail/home/mike
    Code:
    total 24
    drwxr-xr-x 2 root bin 4096 2006-08-07 19:36 .
    drwxr-xr-x 3 root bin 4096 2006-08-07 19:05 ..
    -rw------- 1 root bin   83 2006-08-07 20:05 .bash_history
    -rw-r--r-- 1 root bin  220 2006-08-07 19:05 .bash_logout
    -rw-r--r-- 1 root bin  414 2006-08-07 19:05 .bash_profile
    -rw-r--r-- 1 root bin 2227 2006-08-07 19:05 .bashrc
    lrwxrwxrwx 1 root bin   26 2006-08-07 19:05 Examples -> /usr/share/example-content
    
    So you see bash is there, and that /home/jail/home/mike is indeed set as a user account folder. That's really weird...
     

Share This Page