Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
ssh daemon searches include /root and /home/name so if you have them....disable them with root powers.
And I assume you editted your /etc/ file with root powers?
Yes I edited the /etc/ file while logged in as root.
I am not sure what you mean by disable /root and /home/name with root powers, can you go into a bit more detail for me?
I can still directly ssh into my box using the root credentials. I want to disable direct root logins for security purposes. I would like to only be able to log in via a user the be able to su - or sudo if needed.
This is probably an important clue as to why the problem is occurring.
Note that only the PermitRootLogin no directive is required to prevent ssh email@example.com from working. The additional AllowUsers directive is fine, but it is not necessary since there is already a directive that should do exactly what you want.
It's likely that your sshd daemon inside the chrooted environment is not properly reading its /etc/ssh/sshd_config file. (In fact, I question that howto; I don't see that he is moving any sshd_config file into the chrooted environment.)
My short answer is: Don't bother chrooting the sshd daemon. It's a subpar 'security' feature. A better alternative is to put sshd in a Linux-VServer if you want to contain users.
You do not need to move the sshd_config file into the chrooted environment. The user does not need access to this file or any other binaries or config files.
Because this only allows for SFTP, they do not need access to such things.
The user will see the dir structure as something like this(will vary depending on what you let them do with it)
Thats it. They don't need anything else.
Also the original problem here is that the tutorial doesnt use the 'stock' install version of openssh. It installs into the /opt directory and therefore all paths would now be relative to that.
If you notice anything blatantly wrong please let me know as I am not an expert, its just that there wasn't enough information about how to do this easily so I copied my working procedure (and tested it).