Dear All,
I am a CentOS 5.5 user. My problem is that I would like to give a remote user login via both ssh and sftp. When this particular user logs in, I would just like them to see a particular number of folders and to limit their access. Any ideas? I have read and googled about chroot etc., but I am confused about how to set it up in CentOS 5.5.
Dear Kewpie,
I have visited these links and many others. I am confused about the difference between chroot and OpenSSH. Is chroot a technique or a tool? Then how does OpenSSH play its role? I know CentOS 5.5 does now have the latest OpenSSH, so I must upgrade first, right?
Based upon the questions you are asking, I think that this free PDF book may be beneficial to you: http://ftacademy.org/materials/fsm/13 It covers a lot of ground regarding Linux systems and will help you to rapidly come up to speed on subjects like Linux file permissions and basic networking tools like SSH.
To answer your question directly, chroot (change-root) is both a technique and a tool to fork off a process and make a directory its root file system. This can be done both to contain the process and to create a distinct environment for it to operate in. OpenSSH is an SSH (Secure SHell) application that allows remote users to log in to the system and gives them a shell prompt. Via this shell, users will have the same access as if they opened a shell prompt from the system keyboard. Their ability to see files will depend upon the file permissions.
Quote:
Dear Kewpie,
I have visited these links and many others. I am confused about the difference between chroot and OpenSSH. Is chroot a technique or a tool? Then how does OpenSSH play its role? I know CentOS 5.5 does now have the latest OpenSSH, so I must upgrade first, right?
chroot is a tool used to lock a user into a certain subdirectory, and you just configure ssh to call it as part of the login process. There is no need to specifically upgrade anything to achieve what you want, but naturally things should be kept up to date, especially when security is involved.
Dear Noway2,
Now I am getting a clearer picture of what chroot is all about. Correct me here: normally when we log in we get to the root. So when this user logs in, their root is what has been changed, right? So now my confusion is why a lot of articles out there talk about upgrading OpenSSH to version 5++ etc. before chroot can be done.
Dear Kewpie,
I was confused all this way because all the articles talk about an OpenSSH upgrade and some even talk about rssh. So now that you have told me there is no need to upgrade, how am I going to do it? Is there any link or steps for me to follow? Thank you.
Dear Kewpie,
The article is talking about OpenSSH >4.9, but I have checked mine:
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
So you are asking me to concentrate on sshd_config? Should I follow that article to upgrade or not?
That is a good article that Acid_kewpie is referencing!
Quote:
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
So you are asking me to concentrate on sshd_config? Should I follow that article to upgrade or not?
You are using a relatively outdated version. Per the documentation, this feature works with OpenSSH 4.9 and later, which you are not using. As of today, the current version of OpenSSH is 5.9, and many distributions, even those with slower releases, are in the mid 5.x series. My honest recommendation is that you upgrade to a more recent system, as you probably have many unpatched vulnerabilities. If you are a subscriber to Red Hat, you should have upgrades. If you are not, you should consider using CentOS instead of RHEL for this reason. You could try to update your OpenSSH, but with a base system ~3 years old, you will undoubtedly have library and other dependency conflicts.
Dear Noway2,
I am on a CentOS platform. So I should go and update my OpenSSH first, right? So you doubt it could be updated, is that it? If I really cannot find an update, what is your next advice? Upgrade the OS, is that it? OK, let me try to update and see if I can do it.
Shall I say AGAIN that you don't need to upgrade?? If the changes in the config file work, then they work. Why are you so keen to make one number the same as another number? That's just the version they happened to use in their guide. If you want to upgrade, then do so, nothing stopping you, but either way, just move on.
Quote:
Shall I say AGAIN that you don't need to upgrade?? If the changes in the config file work, then they work.
Acid_kewpie, I am not so sure this is correct. The OP is stating that they are using OpenSSH revision 4.3p2, which actually dates to 2006. The OpenSSL libraries date to 2008. According to the OpenSSH release notes, this feature was not included until version 4.9.
newbie14, activating the desired feature is a matter of changing the configuration. Normally, in any sort of current version of SSH, it is not necessary to upgrade. Try making the configuration changes and if this feature doesn't work, THEN confirm the version of SSH you are using. You should be able to do this with the command ssh -V
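
The version question debated in this thread, as an added example that is not part of any post: it parses an `ssh -V` banner to decide whether sshd's built-in ChrootDirectory option (OpenSSH 4.9 and later) is available, checks the ownership rule sshd enforces on the jail path, and prints an sshd_config fragment. The group name `jailed` and the path `/srv/jail/%u` are hypothetical; ChrootDirectory, Match and internal-sftp are real sshd_config keywords.

```shell
# Added example, not from the thread. Group and jail path are hypothetical.

# Print "major minor" from a banner like "OpenSSH_4.3p2, OpenSSL ...".
# On a live system the banner comes from: ssh -V 2>&1
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# 0: sshd has ChrootDirectory (>= 4.9), 1: too old, 2: banner not parsable.
supports_chroot_directory() {
    set -- $(openssh_version "$1")
    [ $# -eq 2 ] || return 2
    [ "$1" -gt 4 ] && return 0
    [ "$1" -eq 4 ] && [ "$2" -ge 9 ] && return 0
    return 1
}

# sshd refuses a chroot unless every path component is owned by root and
# not writable by group or others; walk from the jail up to / and check.
jail_path_ok() {
    dir=$1
    case $dir in /*) ;; *) return 1 ;; esac
    while :; do
        [ -n "$(find "$dir" -maxdepth 0 -user root \
            ! -perm -020 ! -perm -002 2>/dev/null)" ] || return 1
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
}

# Print an sshd_config fragment for one group. internal-sftp needs no files in
# the jail; an ssh shell also needs a shell, its libraries and /dev nodes there.
chroot_fragment() {
    cat <<EOF
Subsystem sftp internal-sftp
Match Group $1
    ChrootDirectory $2
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

banner='OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008'  # from the thread
if supports_chroot_directory "$banner"; then
    chroot_fragment jailed /srv/jail/%u
else
    echo "sshd too old for ChrootDirectory: $banner" >&2
fi
```

The `Subsystem` line replaces any existing `Subsystem sftp` entry, and `sshd -t` checks the edited file for errors before the daemon is restarted.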