By cam34 at 2008-07-21 18:33
This HOW-TO should be used as a guide. While I have tried to cover everything, I have just retraced my steps after I got it all working. I haven't gone through this with a fine-tooth comb.
This HOW-TO is based on Mepis 7, which is basically Debian Etch (for all the googlers :-P), and presumes you have an SSH server up and running already.
Install the PAM Module for SSH Chroot
Code:
apt-get install libpam-chroot
Create the user (if you haven't already)
Code:
adduser testuser
Add the user (or users) you want to Chroot via SSH into /etc/security/chroot.conf like:
Code:
# username chroot_dir
testuser /home/testuser
Add lines to /etc/pam.d/ssh like: (debug is optional)
Code:
# Set up chroot environment for users who SSH in
session required pam_chroot.so debug
Set up the virtual file system for the chroot jail. Run the following commands as root:
Code:
mkdir -p /home/testuser/home/
cd /home/testuser
mkdir etc
mkdir bin
mkdir lib
mkdir -p usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5
Now set up a basic passwd file for the chroot jail: (I'm not 100% sure if this step is required any longer)
Now we need to copy the applications we want to run into the chroot jail. Create a text file called makeapps.sh and add the following to it:
Code:
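#!/bin/bash
# Run from inside the jail root (/home/testuser): target paths are relative to it.
APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS; do
    # copy the program to the same path inside the jail
    mkdir -p "./$(dirname "$prog")"
    cp "$prog" "./$prog"
    # obtain a list of related libraries
    if ldd "$prog" > /dev/null; then
        # third field of each "name => /path (addr)" line; skip entries with no path
        LIBS=$(ldd "$prog" | awk '$3 ~ /^\// { print $3 }')
        for l in $LIBS; do
            mkdir -p "./$(dirname "$l")" > /dev/null 2>&1
            cp "$l" "./$l"
        done
    fi
done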
*** Note: if you require other programs, add their absolute paths to the APPS line ***
Now run the above script:
Code:
sh makeapps.sh
One thing that happens when you try to log in via SSH at present is that you type in the password and receive:
/bin/bash: No such file or directory
Connection to SSH-SERVER closed.
The makeapps.sh script hasn't copied one of the libraries across. We are actually missing a copy of ld-linux.so.2, the dynamic loader, which ldd lists without a "=>" so the awk step in the script skips it.
So as root:
Code:
cp /lib/ld-linux.so.2 /home/testuser/lib/
Now you should be able to log into a chrooted home.
Happy tweaking! - Cam McKenzie aka cAm34
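An added example, not part of the original HOW-TO: a POSIX shell audit that reports every library or loader named by ldd that is absent from the jail, which catches the missing ld-linux.so.2 case above before a login fails. The function names, the JAIL variable and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a chroot jail for shared objects that were not copied in.

# Print every absolute path in ldd output read from stdin. Covers both forms:
#   libc.so.6 => /lib/libc.so.6 (0x...)   path is field 3
#   /lib/ld-linux.so.2 (0x...)            loader line, path is field 1
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | LC_ALL=C sort -u
}

# Read absolute paths on stdin; print those that do not exist under jail $1.
missing_in_jail() {
    jail=$1
    while IFS= read -r path; do
        [ -e "$jail$path" ] || printf '%s\n' "$path"
    done
}

# Check every executable in the jail's bin and usr/bin directories.
audit_jail() {
    jail=$1
    for prog in "$jail"/bin/* "$jail"/usr/bin/*; do
        [ -f "$prog" ] && [ -x "$prog" ] || continue
        rel=${prog#"$jail"}
        # ldd inspects the jailed copy but resolves against the host's libraries
        ldd "$prog" 2>/dev/null | ldd_paths | missing_in_jail "$jail" |
            sed "s|^|$rel: missing |"
    done
}

# Constructed sample: ldd output for bash on a 32-bit system.
SAMPLE_LDD='  linux-gate.so.1 =>  (0xffffe000)
  libncurses.so.5 => /lib/libncurses.so.5 (0xb7f0a000)
  libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7f06000)
  libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7dd5000)
  /lib/ld-linux.so.2 (0xb7f5f000)'

# Audit a real jail only when JAIL is set, e.g. JAIL=/home/testuser sh audit.sh
if [ -n "${JAIL:-}" ]; then
    audit_jail "$JAIL"
fi
```

An empty result means every dependency the host's ldd reports is present at the same path inside the jail.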
I have been trying to find out my ISP address. My acct. is with Charter Communications. I have looked into my "phone and modem", (in the control panel). I found a couple of addresses, IPV6 local link, (blocked my Putty app), IPV4 default gateway, (refused), IPV4 DHCP server, (refused).
I don't know if these addresses are correct or not.
I run P2P sharing, and am trying to encrypt my info through my ISP, as they are able to track what I am threading in and out.
If anyone has any suggestions on where I might find my ISP add., it would be much appreciated. Or, a better encryption app.
Also, this is my first post on LQ. I was not able to find the right forum for a new thread.
Sorry for posting incorrectly.
My user name is Billy Makk. Please post to me exactly how or where the correct forum for the new thread is.
Thank you for your help, Bill