LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-02-2013, 06:52 AM   #1
slowerogue
Member
 
Registered: Oct 2012
Posts: 93

Rep: Reputation: Disabled
ssh jail issue


hi i want to make user login via ssh will be jailed to his directory..
newbie here, i find alot of tutorial about jail ssh, but all the result give me back the sftp result.
i hv did alot of configuration and makes me more confuse

Code:
groupadd sftponly
usermod sftponly user


#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp

Match Group sftponly
ChrootDirectory /aaa/home/%u
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
user from group sftponly will not be able to access to server via ssh/sftp.
Error: Software caused connection abort.
i have added/delete AllowGroups,
swap # between internal-sftp || /usr/lib/openssh/sftp-server
all still have the same error

or i have manually added
Code:
# mkdir /aaa
# cd /aaa
# mkdir {bin,dev,lib64}
# cp -p /bin/bash bin/
# cp -p /lib64/*.* lib/64
# mknod dev/null c 1 3
# mknod dev/zero c 1 5
# chmod 0666 dev/{null,zero}
# useradd -m -d /aaa/home/ch5 -s /aaa/bin/bash ch5
i can login ch5 via ssh, but not jailed
if i add user ch5 into group sftponly
it will have the same error as above
anyone pls help, or if i hv gone wrong too deep, just give me an exmaple of this .thanks


oh i have also use makejail.sh http://www.fuschlberger.net/programs...p-chroot-jail/
sh makejail.sh ch6 /bin/bash /export
still cannnot
please help ,ty

Last edited by slowerogue; 01-02-2013 at 06:56 AM.
 
Old 01-02-2013, 12:23 PM   #2
saagar
Member
 
Registered: Jul 2008
Location: Chennai, India
Distribution: RHEL5, Ubuntu
Posts: 191

Rep: Reputation: 37
Hi,

Please find out if this could be of any help:

Code:
http://geek.co.il/wp/2010/03/14/how-to-build-a-chroot-jail-environment-for-centos
 
Old 01-02-2013, 10:39 PM   #3
slowerogue
Member
 
Registered: Oct 2012
Posts: 93

Original Poster
Rep: Reputation: Disabled
hi thanks for your reply. i have found why i was unable to connect using sftp
setenforce 0 will let me sftp to the rhel, with proper jail it in his directory.

but how do i jail ssh?

i want to jail a user from ssh and sftp(done), not root

thanks alot
 
Old 01-02-2013, 11:24 PM   #4
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
I suggest you look at the man page for sshd_conf, in particular the ChrootDirectory option. Note that this option should be placed after a "Match" line (so you can selectively choose which users and groups to chroot). For example, I have at the very end of my sshd_config:

Code:
Match group group1,group2
   ChrootDirectory /home/chroot
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
fail2ban log errors for ssh jail linuxlover.chaitanya Linux - Security 2 07-24-2010 08:01 AM
[SOLVED] chroot jail problem: 'empty' jail MatrixS_Master Linux - Security 4 03-27-2010 07:25 AM
SSH jail and ACL lists thebomb Linux - Security 1 03-09-2010 04:32 AM
slackware 10.2 chroot/jail ssh zdannar Slackware 3 07-12-2007 06:51 PM
ssh session in a chroot jail? houler Linux - Security 13 04-05-2005 02:10 AM


All times are GMT -5. The time now is 09:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration