(ispconfig 2.2.35, ubuntu 9.10)

With openssh 4.9.x/5.x, the logic to build chrooted ssh users is just built in. Because of the new logic, the magic separator "/./" within the user's homedir assignment in passwd is no longer needed, but now causes trouble. See http://www.howtoforge.com/forums/showthread.php?t=32459 for the basics.

To consider the history and also the new logic, a solution for ispconfig seems easy to adapt: One strategic parameter is in /root/ispconfig/scripts/lib/config.inc.php, where

PHP:
    $go_info["server"]["ssh_chroot"] = 0 or 1

is responsible for two actions. In case of value 1, 1st, the magic separator "/./" is used, and 2nd, the script /root/ispconfig/scripts/shell/create_chroot_env.sh is scheduled to build the user's chrooted environment.

One solution is to have a tri-state with $go_info["server"]["ssh_chroot"], where 0 leads to no chroot, 1 leads to chroot with magic "/./" and script execution, and a new value 2 omits the magic "/./" but performs the script. The behaviour of options 0 and 1 is unchanged to support all those who need the old logic, but option 2 is adjusted to the new logic.
The changes are very easy: The essential file is /root/ispconfig/scripts/lib/config.lib.php, where lines # 772-774 (insert new user)

PHP:
    if($go_info["server"]["ssh_chroot"] == 1 && $user["user_shell"] && $web["web_shell"]) {
        exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
    }

have to change to

PHP:
    if($go_info["server"]["ssh_chroot"] > 0 && $user["user_shell"] && $web["web_shell"]) {
        exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
    }

and lines # 949-950 (update user)

PHP:
    if($go_info["server"]["ssh_chroot"] == 1 && $user["user_shell"] && $web["web_shell"]) {
        exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
    }

also have to change to

PHP:
    if($go_info["server"]["ssh_chroot"] > 0 && $user["user_shell"] && $web["web_shell"]) {
        exec("/root/ispconfig/scripts/shell/create_chroot_env.sh $user_username");
    }

Note, that's all there is to do - a really cheap solution.

To be complete, a look at /root/ispconfig/scripts/lib/config.inc.php, where line #106

    $go_info["server"]["ssh_chroot"] = 2; // 0 = no, 1 = yes with old chroot path /./, 2 = yes without /./ (openssh 5.x logic)

is the example to use the new logic.

I would be happy if the small changes would be confirmed with one of the next ispconfig 2.x releases.
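
The tri-state described in the post above, written out as an added example (it is not ISPConfig's code and not part of the original post). The function names and the sample account are hypothetical; only the ssh_chroot values, the "/./" separator and the create_chroot_env.sh path come from the thread, and escapeshellarg() is an addition of this sketch.

```php
<?php
// Added illustration, not ISPConfig code. Function names and the sample
// values at the bottom are hypothetical.

const CHROOT_SCRIPT = '/root/ispconfig/scripts/shell/create_chroot_env.sh';

// Home directory field for /etc/passwd under the three ssh_chroot modes.
// Mode 1 keeps the old "/./" separator between the chroot root and the
// directory inside it; modes 0 and 2 write a plain path.
function passwd_homedir(int $mode, string $chrootRoot, string $subdir = ''): string
{
    if (!in_array($mode, [0, 1, 2], true)) {
        throw new InvalidArgumentException('ssh_chroot must be 0, 1 or 2');
    }
    $root = rtrim($chrootRoot, '/');
    $sub  = trim($subdir, '/');
    if ($mode === 1) {
        return $root . '/./' . $sub;
    }
    return $sub === '' ? $root : $root . '/' . $sub;
}

// Command that builds the chroot environment, or null when none is needed.
// Mirrors the "> 0" condition proposed in the thread. escapeshellarg() is an
// addition of this sketch; the quoted lines pass the name unquoted.
function chroot_env_command(int $mode, bool $userShell, bool $webShell, string $username): ?string
{
    if ($mode > 0 && $userShell && $webShell) {
        return CHROOT_SCRIPT . ' ' . escapeshellarg($username);
    }
    return null;
}

// Constructed sample account.
foreach ([0, 1, 2] as $mode) {
    $home = passwd_homedir($mode, '/var/www/web1', 'user/web1_anna');
    $cmd  = chroot_env_command($mode, true, true, 'web1_anna');
    printf("ssh_chroot=%d  home=%s  cmd=%s\n", $mode, $home, $cmd ?? '(none)');
}
```
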
chroot

Hi, I got ispconfig 2.2.35, centos 5.4 and OpenSSH_5.2p1. I added to sshd_config:

    Match Group web*
    ChrootDirectory ~/
    AllowTcpForwarding no

I changed 0 to 1 in /home/admispconfig/ispconfig/lib/config.inc.php:

    $go_info["server"]["ssh_chroot"] = 1;

When I create a user from ispconfig, I get all the libraries in the ftp account but I can't connect to sftp. I think the error is in sshd_config, because if I don't put the new config into sshd_config, it works! What is my problem?

Thanks for the help!!

** Sorry for my bad english