
chroot ssh implementation

 
Atul Gautam
Valued Contributor

chroot ssh implementation

Xperts,

How can we set up a chrooted SSH?

I've gone through a number of webpages, but they have got their own tools or packages or patches that I do not want to use; rather, I want to implement it using the default packages available in RHEL.

Tried implementing the pam_chroot.so & also used /etc/security/chroot.conf but didn't succeed.

So, kindly help me in implementing this using a step-by-step approach....

Thanks a lot in advance!!!


ATUL
5 REPLIES
Ivan Ferreira
Honored Contributor

Re: chroot ssh implementation

Attached is a step by step guide.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Atul Gautam
Valued Contributor

Re: chroot ssh implementation

Thanks Ivan,

Thanks a lot for this PDF, but I've already gone through this one and couldn't implement the same... that's why I had to go for some expert advice.

Please correct me and suggest what else is needed besides what I did ---

1) Creating a chroot dir (such as /home/chroot)

2) Creating supporting directories (such as /lib, /usr/lib, /home, /bin)

3) Copying necessary files from actual directories to the ones created under the chrooted directory.

4) Adding users and specifying their home directory as the path to the chroot dir.

5) Specifying the shell present under chroot dir.

6) Editing /etc/security/chroot.conf and specifying information in the format ---

e.g. example /tmp/chroot/home/example

7) Editing /etc/pam.d/ssh and mentioning ---
session required pam_chroot.so


WHAT ELSE DO I NEED TO DO........???

Kindly suggest me.....

If I'm wrong at this point then do correct me, considering yourself as an expert and me as a newbie....



--
Atul

Atul Gautam
Valued Contributor

Re: chroot ssh implementation

Hi Xperts,

Kindly help me....
Do I need to perform any other step...if yes then please suggest me.



TIA

Atul
Steven E. Protter
Exalted Contributor

Re: chroot ssh implementation

Shalom Atul,

You may have a problem going chroot.

To make chroot work all binaries and OS utils must be available in the directory the user is chrooted to.

If this user is developing code they need much broader access to the system than chroot provides.

I think we're in diagnostic mode and I'd like to see what errors are occurring at login and the system level (/var/log/messages, /var/log/secure) in order to be more helpful.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Alexander Chuzhoy
Honored Contributor

Re: chroot ssh implementation

I had the same problem until:


2) add /etc and /sbin

4 and 5) path and shell you specify are relative to chroot dir. So you should omit the path to chroot dir:

Let's say the chroot dir is /local/chroot/
and the home directory for a user is /local/chroot/home/user, in /etc/passwd you specify /home/user as home directory.

Same treatment for shell.

Also create chroot_path/dev/null
with mknod chroot_path/dev/null c 1 3
and
chmod 666 chroot_path/dev/null


This should help.
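
The points raised across the replies above (the shell and its libraries must exist inside the chroot, /etc must be present, the passwd shell and home are resolved relative to the chroot, and /dev/null must be a character device) can be checked before a user ever tries to log in. The script below is an added example, not part of any post in this thread; the function names and the script name are hypothetical, and it assumes `ldd` is available on the host.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; CHROOT, SHELL and HOME
# are passed in, with SHELL and HOME written as they appear in /etc/passwd.

# Absolute paths of the shared libraries (and loader) a binary needs.
needed_libs() {
    ldd "$1" 2>/dev/null | grep -o '/[^ ]*' | sort -u || true
}

# Copy a binary plus its libraries into the chroot under the same paths.
copy_into_chroot() {    # usage: copy_into_chroot CHROOT /bin/sh
    root=$1
    for f in "$2" $(needed_libs "$2"); do
        mkdir -p "$root$(dirname "$f")"
        cp -L "$f" "$root$f"
    done
}

# Print one line per missing piece; the return value is the problem count.
audit_chroot() {        # usage: audit_chroot CHROOT SHELL HOME
    root=$1 shell=$2 home=$3 problems=0
    miss() { echo "MISSING in $root: $1"; problems=$((problems + 1)); }
    if [ -x "$root$shell" ]; then
        for lib in $(needed_libs "$root$shell"); do
            [ -e "$root$lib" ] || miss "$lib (needed by $shell)"
        done
    else
        miss "$shell (passwd shell is resolved inside the chroot)"
    fi
    [ -d "$root$home" ] || miss "$home (passwd home is resolved inside the chroot)"
    [ -d "$root/etc" ] || miss "/etc"
    [ -c "$root/dev/null" ] || miss "/dev/null (mknod ... c 1 3, as root)"
    return "$problems"
}

# Stand-alone use: sh chroot-audit.sh /home/chroot /bin/sh /home/example
if [ "$#" -eq 3 ]; then audit_chroot "$@"; fi
```

Run `copy_into_chroot` once per binary the user needs, then `audit_chroot`; the device node is only checked, not created, because mknod requires root.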