Well, as section G.2.2 (The Easy Way) indicates, much of what needs to be done is automated by tool(s) created for just this purpose.
In contrast, G.2.3 (The Hard Way) indicates that is the long, drawn-out, tedious way.
Assuming both methods produce the same results, from both a functionality AND security standpoint, then I would opt for the "Easy Way" being "the right way" for me.
That said, I didn't indicate anywhere that "I've been to hell & back with chroot-jailed sshd", because it's quite the opposite: I have relatively little experience with ssh.
There are scores of members here though, who surely HAVE been to H&B with ssh, and I expect & hope that one or more of them will pop in and answer very specifically, your question.
With regard to "Which way is the Right Way?" -- Keep in mind, there's usually with Linux, not one single "right way" to do something; there are usually "many right ways" to do things, and which one is "the right way for me/you" depends on your own circumstances, experience, requirements, time-frame, etc, etc.
If I could advise you from my own experience, I would but I cannot.
Speaking of puns: no, I'm definitely not a lawyer, trainee or otherwise. I'm the offspring of a biochemist dad & an English teacher mom (a darned good one too if I may say so) and the English teacher beat proper grammar, spelling & punctuation into me as a child.
No problem, I don't mind being wrong when it comes to things like that. Basically, you need to determine if you need a separate chrooted environment for each user, or if they can coexist in the same chroot. In other words, are you trying to protect the users from each other, or only trying to protect your server from the users? The latter is a bit easier since you basically create a chrooted environment with all of the applications that you will allow the users to use under that path, and use a standard sshd setup inside that chrooted path. The former is a bit more difficult because you need to 1) set up a separate chrooted environment for each user, and 2) modify the sshd to pass an authenticated user off to their own chrooted environment. The steps for both ways seem to be in the link you provided, but which one you choose really should be based on the requirements you have, not which is easiest.
only trying to protect your server from the users? The latter is a bit easier since you basically create a chrooted environment with all of the applications that you will allow the users to use under that path, and use a standard sshd setup inside that chrooted path
That is exactly what I want to do. If only my mastery of the English language was mucher gooderer, just like the Canadians!
I would suggest that you start with the instructions under G.2 in the link you provided. The "really easy way" (i.e. G.2.1) isn't what you want, because it really doesn't offer much more security than simply running ssh natively. I don't know of an easy guide to doing this, but you can take a hint from the list of things to do under G.2.2 and look at the makejail command in more detail. It may give you all you need.
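The shared-jail option discussed in the thread (one chroot tree holding every program the users may run) comes down to copying each allowed binary, plus the shared libraries it links against, into that tree. A sketch of that step, added here as an example and not taken from the thread, the linked guide or makejail; the function names and any jail path passed in are assumptions:

```shell
#!/bin/sh
# Added example: fill one shared chroot tree with an allow-list of programs.
# Function names and the jail path are assumptions, not from the thread.

# Print absolute paths of the shared objects a binary needs, one per line.
# ldd fails on static binaries; that is treated as "no libraries".
list_libs() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3 }  # libc.so.6 => /lib/... (0x..)
        $1 ~ /^\//               { print $1 }  # /lib64/ld-linux... (0x..)
    ' | sort -u
    return 0
}

# Copy one file to the same absolute path under the jail, following symlinks.
copy_into() {
    dest=$1$2
    [ -e "$dest" ] && return 0          # already copied for another program
    mkdir -p "$(dirname "$dest")" && cp -L "$2" "$dest"
}

# populate_chroot JAIL PROGRAM...   (library paths with spaces are not handled)
populate_chroot() {
    jail=$1; shift
    for prog in "$@"; do
        # Resolve the program on PATH; builtins and unknown names are refused.
        path=$(command -v "$prog") || path=
        case $path in
            /*) ;;
            *)  echo "not an executable on PATH: $prog" >&2; return 1 ;;
        esac
        copy_into "$jail" "$path" || return 1
        for lib in $(list_libs "$path"); do
            copy_into "$jail" "$lib" || return 1
        done
    done
}
```

Called as, for instance, `populate_chroot /var/chroot/ssh sh ls` (a hypothetical jail path), it leaves only the listed programs and their libraries under the jail. Configuration files, device nodes and the sshd setup itself are outside what it does.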