- Re: ssh chroot for a specific user
05-17-2010 06:11 AM
OS :- HP Unix 11.31
Manoj K
05-17-2010 06:39 AM
Re: ssh chroot for a specific user
Yes, you can chroot individual users with any ssh software.
HP's script they provide with openssh/secure shell can either be run selectively or you can restore the authentication files and only leave changed the users you wish to chroot.
Take a close look at the script that ships with openssh/secure shell.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
05-17-2010 07:13 AM
Re: ssh chroot for a specific user
>chroot is used to restrict the user to a specific directory by providing binary files for the few operations which the user is required to do.
05-17-2010 09:38 PM
Re: ssh chroot for a specific user
I am following this link for the ssh chroot configuration:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=115&prodSeriesId=3215373&prodTypeId=18964&objectID=c01516983.
After the configuration, chroot is working fine, but it applies globally (for all users).
I want to use ssh chroot only for a specific user.
If I remove the line "ChrootDirectory /newroot" from
/opt/ssh/etc/sshd_config
ssh works normally.
If we enable "ChrootDirectory /newroot",
then chroot is active for all users' ssh sessions.
What am I missing in the configuration to enable chroot for ssh for a specific user?
Manoj K
05-18-2010 12:59 AM
Solution
For example:
Match User
ChrootDirectory /newroot
NOTE: Alternatively, if you need to do this for a large number of users, it is easier to set it with a Match group statement. The users should belong to your match group.
For example:
Match group sshonly
ChrootDirectory /newroot
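An added example, not part of the original thread: a POSIX shell audit of the directory named in `ChrootDirectory`. sshd_config(5) requires every component of that path to be a root-owned directory that is not writable by group or others; the function names `component_ok` and `check_chroot_path` are this example's own.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path before pointing sshd at it.
# sshd_config(5): every component of the pathname must be a root-owned
# directory that is not writable by any other user or group.
# component_ok and check_chroot_path are names chosen for this example.

# component_ok MODE UID -> 0 only for a uid-0 directory with no g/o write bit.
component_ok() {
    case $1 in
        d????w*|d???????w*) return 1 ;;  # group- or world-writable
        d*) ;;                           # directory with safe write bits
        *) return 1 ;;                   # missing, symlink or file: review it
    esac
    [ "$2" = "0" ]                       # owner must be root
}

# check_chroot_path /abs/path -> 0 if every component up to / passes.
check_chroot_path() {
    path=$1
    rc=0
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path" >&2; return 2 ;;
    esac
    while :; do
        # ls -ldn prints the mode string and the numeric owner (fields 1, 3).
        info=$(ls -ldn "$path" 2>/dev/null | awk '{print $1 " " $3}')
        mode=${info% *}
        uid=${info#* }
        if ! component_ok "$mode" "$uid"; then
            echo "UNSAFE: $path (mode=$mode uid=$uid)" >&2
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Stand-alone use: sh audit.sh /newroot
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```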
05-18-2010 04:23 AM
Re: ssh chroot for a specific user
Now chroot is working perfectly for ssh login.
But I am facing a problem with sftp and scp.
While doing scp I am getting the following error:
"/usr/lib/hpux32/dld.so: Unable to find library 'libcrypto.so.1'.
sh: 24030 Killed
lost connection"
While trying sftp I am getting the following error:
"Connection closed"
In both cases the system accepts the password and then throws this type of error.
Manoj K
05-18-2010 06:39 AM
Re: ssh chroot for a specific user
You need to copy that missing library from /usr/lib/lib_name to
/newroot/usr/lib/libname
Check LD_LIBRARY_PATH.
Regards.
05-18-2010 10:08 AM
Re: ssh chroot for a specific user
The reason for the failure of sftp and scp was the permissions of some executables, which I had changed for some security and audit issues.
Now ssh, scp and sftp are working perfectly with chroot.
Thanks to all, especially Antim Yosifov, who gave me the correct solution I was looking for.
Manoj K