LinuxQuestions.org
Old 10-01-2006, 12:52 PM   #1
~=gr3p=~
Working Script chroot rssh tested on FC5


Well, I wanted to set up a chrooted ssh to allow users to sftp to my server for file transfer. The chroot ssh site "http://chrootssh.sourceforge.net/" seems to be down for some reason, so I moved to rssh, with no need to patch openssh. I had trouble getting it to work, and after long hours of hair pulling, success. I just wanted to share this with others so they don't waste time figuring out what's bloody wrong.

In my case (testing with WinSCP) the connection would close after authenticating the user.

The problem:

permission to /chroot_path/dev/null & /chroot_path/dev/zero was not chmod 666. Sheeshhh.

I have tested this on a Fedora Core 5 distro and it would work on Red Hat distros and possibly on others.

Download Rssh from: http://www.pizzashack.org/rssh/

Configure /etc/rssh.conf for chroot.

Some things I do manually: creating the sftp user's home directory under the chroot jail home directory, chown the directory to the user and chmod 770 the user's home dir, and copying the user's entry from /etc/passwd & group to the chroot jail etc directory.

In my passwd the entry is like:

sftp_user:x:1000:1000::/opt/chroot/home/sftp_user:/usr/bin/rssh

Also edit /etc/sysconfig/syslog

and replace
SYSLOGD_OPTIONS="-m 0"

with

SYSLOGD_OPTIONS="-m 0 -a /chroot_jail_path/dev/log"

service syslog restart

otherwise the last rssh log entry in /var/log/messages will always be:

Quote:
chroot cmd line: /usr/libexec/rssh_chroot_helper 2 /usr/libexec/openssh/sftp-server"
because after chrooting it can't find /dev/log in the jail.

The following is my modified script to create the chroot jail environment, which I found on some site.

Copy and paste the code in a file called "create_chroot_rssh" and

chmod +x create_chroot_rssh

Code:
#!/bin/bash
# Must be run as root (mknod needs it).

# Specify here the apps you want in the environment
APPS="/usr/bin/scp /usr/libexec/openssh/sftp-server /usr/libexec/rssh_chroot_helper"

# Sanity check
if [ "$1" = "" ] ; then
        echo "Usage: ./create_chroot_rssh chroot_jail_path"
        echo
        echo "For eg: ./create_chroot_rssh /home/chroot"
        exit 1
fi

# Obtain the chroot jail path and change into it (stop if that fails)
CHROOT_JAIL=$1
cd "$CHROOT_JAIL" || exit 1

# Create directories, no one will do it for you
mkdir -p ./home
mkdir -p ./etc
mkdir -p ./usr/bin
mkdir -p ./usr/libexec/openssh
mkdir -p ./lib
mkdir -p ./dev

# Device nodes the jailed sftp-server needs; they must be mode 666
mknod ./dev/null c 1 3
mknod ./dev/zero c 1 5
chmod 666 ./dev/null ./dev/zero

# Copy the apps and the related libs
for prog in $APPS;  do
        cp "$prog" "./$prog"

        # obtain a list of related libraries
        if ldd "$prog" > /dev/null ; then
                # keep only real paths; ldd also prints entries with no file behind them
                LIBS=$(ldd "$prog" | awk '$3 ~ /^\// { print $3 }')
                for l in $LIBS; do
                        mkdir -p "./$(dirname "$l")" > /dev/null 2>&1
                        cp "$l" "./$l"
                done
        fi
done

# This library has a symbolic link
cp /lib/ld-2.4.so ./lib
ln -s ld-2.4.so ./lib/ld-linux.so.2

# For some strange reason these 3 libraries are not in the ldd output, but without them
# some stuff will not work, like usr/bin/groups
cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/
cp /etc/ld.so* ./etc/

Last edited by ~=gr3p=~; 10-01-2006 at 01:00 PM.
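
An added example, not part of the original post: a small audit script that checks an existing jail for the conditions the post describes (dev/null and dev/zero as 666 character devices, the dev/log socket, the three jailed binaries, and a passwd file in the jail). The function names `dev_ok` and `check_jail` are hypothetical, and it assumes GNU `stat`.

```bash
#!/bin/bash
# Added example: audit an rssh chroot jail for the problems described in the post.
# Function names are hypothetical; binary paths are the ones from the post's APPS list.

# dev_ok "<stat output>" "<major:minor>"
# Expects the output of: stat -c '%F %a %t:%T'  (file type, octal mode, hex major:minor)
dev_ok() {
        [ "$1" = "character special file 666 $2" ]
}

# check_jail <jail_path>: prints one line per problem, returns 1 if any was found
check_jail() {
        local jail bad spec node want f
        jail=$1
        bad=0
        # null is char device 1:3, zero is 1:5 (same numbers as the mknod calls)
        for spec in null=1:3 zero=1:5; do
                node="$jail/dev/${spec%%=*}"
                want=${spec#*=}
                if ! dev_ok "$(stat -c '%F %a %t:%T' "$node" 2>/dev/null)" "$want"; then
                        echo "BAD: $node must be a character device $want with mode 666"
                        bad=1
                fi
        done
        # syslogd -a <jail>/dev/log provides this socket; without it rssh
        # cannot log once it has chrooted
        [ -S "$jail/dev/log" ] || { echo "BAD: $jail/dev/log socket missing"; bad=1; }
        for f in /usr/bin/scp /usr/libexec/openssh/sftp-server \
                 /usr/libexec/rssh_chroot_helper; do
                [ -x "$jail$f" ] || { echo "BAD: $jail$f missing or not executable"; bad=1; }
        done
        # the user's passwd entry has to be copied into the jail's etc directory
        [ -s "$jail/etc/passwd" ] || { echo "BAD: $jail/etc/passwd missing or empty"; bad=1; }
        return $bad
}

# Run as a script: ./check_chroot_rssh /opt/chroot
if [ -n "${1:-}" ]; then
        check_jail "$1" && echo "OK: $1 passes the checks"
fi
```

A regular file created at dev/null by mistake (for example by a failed mknod followed by a redirect) is reported the same way as a wrong mode, since only a character device with the expected numbers and mode 666 passes.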
 
  


All times are GMT -5.