topic chroot ssh implementation in Operating System - Linux

chroot ssh implementation

Atul Gautam — Thu, 21 Sep 2006 06:43:34 GMT

Xperts,

How can we setup a chrooted SSH.

I've gone through a no. of webpages but they have got their own tools or packages or patches that I do not want to use rather I want to implement it using the default packages available in RHEL.

Tried implementing the pam_chroot.so & also used /etc/security/chroot.conf but didn't succeed.

So, kindly help me in implementing this using step by step approach....

Thanks a lot in advance!!!

ATUL

Re: chroot ssh implementation

Ivan Ferreira — Thu, 21 Sep 2006 08:34:12 GMT

Attached is a step by step guide.

Re: chroot ssh implementation

Atul Gautam — Thu, 21 Sep 2006 08:52:44 GMT

Thanks Ivan,

thanks a lot for this pdf but i've already gone through this one and couldn't implement the same...that's why I had to go for some expert advice.

Please correct me and suggest me beside what I did ---

1) Creating a chroot dir (such as /home/chroot)

2) Creating supporting directories (such as /lib, /usr/lib, /home, /bin)

3) Copying necessary files from actual directories to the ones creating under chrooted directory.

4) Adding users and specifying their home directory as the path to the chroot dir.

5) Specifying the shell present under chroot dir.

6) Editing /etc/security/chroot.conf and specifying information in the format ---

e.g. example /tmp/chroot/home/example

7) Editing /etc/pam.d/ssh and mentioning ---
session required pam_chroot.so

WHAT ELSE DO I NEED TO DO........???

Kindly suggest me.....

If i'm wrong at this point then do correct me considering yourself as an expert and me as a newbie....

--
Atul

Re: chroot ssh implementation

Atul Gautam — Mon, 16 Oct 2006 09:30:58 GMT

Hi Xperts,

Kindly help me....
Do I need to perform any other step...if yes then please suggest me.

TIA

Atul

Re: chroot ssh implementation

Steven E. Protter — Mon, 16 Oct 2006 12:52:55 GMT

Shalom Atul,

You may have a problem going chroot.

To make chroot work all binaries and OS utils must be available in the directory the user is chrooted to.

If this user is developing code they need much broader access to the system than chroot provides.

I think we're in diagnostic mode and I'd like to see what errors are occurring at login and the system level (/var/log/messages, /var/log/secure) in order to be more helpful.

SEP

Re: chroot ssh implementation

Alexander Chuzhoy — Tue, 17 Oct 2006 03:53:19 GMT

I had the same problem until:

2) add /etc and /sbin

4 and 5) path and shell you specify are relative to chroot dir. So you should omit the path to chroot dir:

Let's say the chroot dir is /local/chroot/
and the home directory for a user is /local/chroot/home/user, in /etc/passwd you specify /home/user as home directory.

Same treatment for shell.

also create chroot_path/dev/null
with mknod chroot_path/dev/null c 1 3
and
chown 666 chroot_path/dev/null

This should help.