
ssh chroot for a specific user

 
ManojK_1
Valued Contributor

ssh chroot for a specific user

Is it possible to configure ssh chroot for a specific user?

OS :- HP Unix 11.31
Thanks and Regards,
Manoj K
7 REPLIES
Steven E. Protter
Exalted Contributor

Re: ssh chroot for a specific user

Shalom,

Yes, you can chroot individual users with any ssh software.

HP's script they provide with openssh/secure shell can either be run selectively or you can restore the authentication files and only leave changed the users you wish to chroot.

Take a close look at the script that ships with openssh/secure shell.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
singh sanjeev
Trusted Contributor

Re: ssh chroot for a specific user

Yes, you can use chroot for a specific user; use the chroot script.
>chroot is used to restrict the user to a specific directory by providing binary files for the few operations the user is required to do.
Sanjeev Singh
ManojK_1
Valued Contributor

Re: ssh chroot for a specific user

Hi,

I am following the following link for ssh chroot configuration.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=115&prodSeriesId=3215373&prodTypeId=18964&objectID=c01516983.

After the configuration, chroot is working fine, but it applies globally (for all users).

I want to use ssh chroot only for a specific user.

If I remove the line "ChrootDirectory /newroot" from /opt/ssh/etc/sshd_config, ssh works normally.

If we enable "ChrootDirectory /newroot", then chroot is active for all users' ssh sessions.

What am I missing from the configuration to enable chroot for ssh for a specific user?
Thanks and Regards,
Manoj K
Antim Yosifov
Occasional Visitor
Solution

Re: ssh chroot for a specific user

Add a Match statement to the bottom of the /opt/ssh/etc/sshd_config configuration file to make the user chroot into the newroot directory when logging in.

For example:

Match User <username>
ChrootDirectory /newroot


NOTE: Alternatively, if you need to do this for a large number of users, it is easier to set it with a Match group statement. The users should belong to your match group.

For example:

Match group sshonly
ChrootDirectory /newroot
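
As an added illustration (not part of the original posts or of HP's documentation), this Python sketch models how sshd chooses ChrootDirectory: a global setting applies to every user, while a matching Match User or Match Group block overrides it for that login only. The user name manoj and both sample configs are constructed for the example; only the User, Group and All criteria are modelled.

```python
import fnmatch

# Constructed sample: /newroot and group sshonly come from the thread;
# the user name "manoj" is an assumption made for this example.
SAMPLE_CONFIG = """\
# global section: no ChrootDirectory, so ordinary users are not jailed
Match User manoj
    ChrootDirectory /newroot
Match Group sshonly
    ChrootDirectory /newroot
"""
GLOBAL_CHROOT_CONFIG = "ChrootDirectory /newroot\n"  # the setup that jailed everyone

def pattern_list_matches(patterns, value):
    """Comma-separated pattern list; '*' and '?' wildcards, leading '!' negates."""
    matched = False
    for pat in patterns.split(","):
        if fnmatch.fnmatchcase(value, pat.lstrip("!")):
            if pat.startswith("!"):
                return False          # a negated hit always vetoes the list
            matched = True
    return matched

def effective_chroot(config_text, user, groups=()):
    """Return the ChrootDirectory that applies to `user`, or None if not jailed."""
    global_value = match_value = None
    in_match, active = False, False
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            in_match, active = True, True
            # Criteria are (name, pattern-list) pairs; all must be satisfied.
            for name, pats in zip(parts[1::2], parts[2::2]):
                if name.lower() == "user":
                    active &= pattern_list_matches(pats, user)
                elif name.lower() == "group":
                    active &= any(pattern_list_matches(pats, g) for g in groups)
                else:
                    active = False    # Host, Address etc. are not modelled here
        elif keyword == "chrootdirectory" and len(parts) > 1:
            if not in_match:
                global_value = global_value or parts[1]   # first value wins
            elif active:
                match_value = match_value or parts[1]     # first matching block wins
    value = match_value or global_value   # a matching Match block overrides global
    return None if value is None or value.lower() == "none" else value
```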
ManojK_1
Valued Contributor

Re: ssh chroot for a specific user

Hi,

Now chroot is working perfectly for ssh login.

But I am facing a problem with sftp & scp.

While doing scp, I am getting the following error:
"/usr/lib/hpux32/dld.so: Unable to find library 'libcrypto.so.1'.
sh: 24030 Killed
lost connection"

While trying sftp, I am getting the following error:
"Connection closed"

In both cases the system accepts the password and then throws this type of error.

Manoj K
Thanks and Regards,
Manoj K
nightwich
Valued Contributor

Re: ssh chroot for a specific user

Hi Manojk


You need to copy that missing library from /usr/lib/lib_name to /newroot/usr/lib/lib_name

Check LD_LIBRARY_PATH.

Regards.

ManojK_1
Valued Contributor

Re: ssh chroot for a specific user

Hi,

The reason for the failure of sftp and scp was the permissions of some executables, which I had changed for some security and audit issues.

Now ssh, scp & sftp are working perfectly with chroot.

Thanks to all, especially Antim Yosifov, who gave me the correct solution I was looking for.

Manoj K
Thanks and Regards,
Manoj K