LinuxQuestions.org
By cam34 at 2008-07-21 18:33
This HOW-TO should be used as a guide. While I have tried to cover everything, I have just retraced my steps after I got it all working. I haven't gone through this with a fine-tooth comb.

This HOW-TO is based on Mepis 7, which is basically Debian Etch (for all the googlers :-P ), and presumes you already have an SSH server up and running.

Install the PAM Module for SSH Chroot
Code:
apt-get install libpam-chroot
Create the user (if you haven't already)
Code:
adduser testuser
Add the user (or users) you want to chroot via SSH to /etc/security/chroot.conf, like:
Code:
# username    chroot_dir
testuser	/home/testuser
Add lines like these to /etc/pam.d/ssh (debug is optional):
Code:
# Set up chroot environment for users who SSH in
session    required     pam_chroot.so debug
Set up the virtual file system for the chroot jail. Run the following commands as root:
Code:
mkdir -p /home/testuser/home/
cd /home/testuser
mkdir etc
mkdir bin
mkdir lib
mkdir -p usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5
Now set up a basic passwd file for the chroot jail: (I'm not 100% sure if this step is required any longer)
Code:
# '>' truncates the target, so match all entries for a file in one grep.
# The trailing ':' makes each pattern match only the exact name.
grep -e "^root:" -e "^testuser:" /etc/passwd > etc/passwd
grep -e "^root:" -e "^users:" -e "^testuser:" /etc/group > etc/group
Now we need to copy the applications we want to run into the chroot jail. Still in /home/testuser, create a text file called makeapps.sh and add the following to it:
Code:
#!/bin/bash
# Programs to make available inside the jail (absolute paths)
APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS; do
        # copy the program to the same path under the current directory
        cp "$prog" "./$prog"

        # obtain a list of related libraries (third column of ldd output)
        if ldd "$prog" > /dev/null; then
                LIBS=$(ldd "$prog" | awk '{ print $3 }')
                for l in $LIBS; do
                        mkdir -p "./$(dirname "$l")" > /dev/null 2>&1
                        cp "$l" "./$l"
                done
        fi
done
*** Note: if you require other programs, add their absolute paths to the APPS line ***

Now run the above script:
Code:
sh makeapps.sh
At this point, if you try to log in via SSH, you type in the password and receive:
/bin/bash: No such file or directory
Connection to SSH-SERVER closed.

makeapps.sh hasn't copied one of the libraries across; we are actually missing a copy of ld-linux.so.2.
So as root:
Code:
cp /lib/ld-linux.so.2 /home/testuser/lib/
Now you should be able to log into a chrooted home.
Happy tweaking! - Cam McKenzie aka cAm34

Guide derived from: http://www.howtoforge.com/chrooted_ssh_howto_debian

See Mepis Wiki Entry Here: http://www.mepis.org/docs/en/index.p...t_jail_for_SSH
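
The missing ld-linux.so.2 problem above, as an added example (not part of the original HOW-TO): ldd prints the dynamic loader as a bare path with no `=>`, so the `awk '{ print $3 }'` in makeapps.sh never sees it. This script extracts both forms and lists what a jail directory lacks; the function names, the script name checkjail.sh and the sample ldd output are constructed for illustration.

```shell
#!/bin/bash
# Added example: report libraries a chroot jail lacks for its programs.

# Constructed sample of ldd output for a 32-bit binary (paths are illustrative).
SAMPLE_LDD='    linux-gate.so.1 =>  (0xffffe000)
    libncurses.so.5 => /lib/libncurses.so.5 (0xb7f0c000)
    libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7f08000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7dd6000)
    /lib/ld-linux.so.2 (0xb7f5e000)'

# Read ldd output on stdin, print every absolute path it names.
ldd_paths() {
    awk '{
        if ($2 == "=>" && $3 ~ /^\//) print $3   # name => /path (addr)
        else if ($1 ~ /^\//) print $1            # /path (addr): the loader
    }'
}

# Read paths on stdin, print those that do not exist under jail root $1.
missing_in_jail() {
    local jail=$1 path
    while IFS= read -r path; do
        [ -e "$jail$path" ] || printf '%s\n' "$path"
    done
}

# audit_jail JAIL PROG...: list programs and libraries absent from JAIL.
audit_jail() {
    local jail=$1 prog
    shift
    for prog in "$@"; do
        [ -e "$jail$prog" ] || printf '%s\n' "$prog"
        ldd "$prog" 2>/dev/null | ldd_paths | missing_in_jail "$jail"
    done | sort -u
}

if [ "$#" -ge 2 ]; then
    audit_jail "$@"          # e.g. ./checkjail.sh /home/testuser /bin/bash
else
    demo=$(mktemp -d)        # empty jail: all four sample paths are missing
    printf '%s\n' "$SAMPLE_LDD" | ldd_paths | missing_in_jail "$demo"
    rmdir "$demo"
fi
```

Run as root after makeapps.sh; an empty result means every listed program and each library ldd reports for it exists inside the jail.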

by Billy Makk on Sat, 2009-12-05 20:09
I have been trying to find out my ISP address. My acct. is with Charter Communications. I have looked into my "phone and modem", (in the control panel). I found a couple of addresses, IPV6 local link, (blocked my Putty app), IPV4 default gateway, (refused), IPV4 DHCP server, (refused).
I don't know if these addresses are correct or not.
I run P2P sharing, and am trying to encrypt my info through my ISP, as they are able to track what I am threading in and out.
If anyone has any suggestions on where I might find my ISP add., it would be much appreciated. Or, a better encryption app.
Also, this is my first post on LQ. I was not able to find the right forum for a new thread.
Sorry for posting incorrectly.
My user name is Billy Makk. Please post to me exactly how or where the correct forum for the new thread is.
Thank you for your help, Bill


  


