Help answer threads with 0 replies.
Go Back > Linux Answers > Security
User Name


By cam34 at 2008-07-21 18:33
This HOW-TO Should be used as a guide, While I have tried to cover everything I have just retraced my steps after I got it all working. I haven't gone through this with a fine tooth comb.

This HOW-TO is based on Mepis 7 which is basically Debian Etch (For all the googlers :-P ) and presumes you have ssh server up and running already.

Install the PAM Module for SSH Chroot
apt-get install libpam-chroot
Create the user (if you havent already)
adduser testuser
Add the user (or users) you want to Chroot via SSH into /etc/security/chroot.conf like:
# username    chroot_dir
testuser	/home/testuser
add lines to /etc/pam.d/ssh like: (debug is optional)
#Setup CHROOT Enviroment for users who SSH in
session    required debug
Setup the virtual file system for the chroot jail, Run the following commands as root:
mkdir -p /home/testuser/home/
cd /home/testuser
mkdir etc
mkdir bin
mkdir lib
mkdir -p usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5
Now setup a basic passwd file for the chroot jail: (I'm not 100% sure if this step is required any longer)
touch etc/passwd
grep /etc/passwd -e "^root" > etc/passwd
grep /etc/passwd -e "^testuser" > etc/passwd
touch etc/group
grep /etc/group -e "^root" -e "^users" > etc/group
grep /etc/group -e "^testuser" -e "^users" > etc/group
Now we need to copy the applications we want to run into the chrooted jail, Create a txt file called, add the following to it:
APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS;  do
        cp $prog ./$prog

        # obtain a list of related libraries
        ldd $prog > /dev/null
        if [ "$?" = 0 ] ; then
                LIBS=`ldd $prog | awk '{ print $3 }'`
                for l in $LIBS; do
                        mkdir -p ./`dirname $l` > /dev/null 2>&1
                        cp $l ./$l
*** Note if you require other programs etc add the absolute path to them in the APPS line ***

now run the above script:
One thing that happens when you try log via SSH at present is you type in the password and recieve:
/bin/bash: No such file or directory
Connection to SSH-SERVER closed.

The hasn't copied one of the libraries across, we are actually missing a copy of:
So as root:
cp /lib/ /home/testuser/lib/
Now you should be able log into a chrooted home.
Happy tweaking! - Cam McKenzie aka cAm34

Guide derived from:

See Mepis Wiki Entry Here:

by Billy Makk on Sat, 2009-12-05 20:09
I have been trying to find out my ISP address. My acct. is with Charter Communications. I have looked into my "phone and modem", (in the control panel). I found a couple of addresses, IPV6 local link, (blocked my Putty app), IPV4 default gateway, (refused), IPV4 DHCP server, (refused).
I dont know if these addresses are correct or not.
I run P2P sharing, and am trying to encrypt my info through my ISP, as they are able to track what I am threading in and out.
If anyone has any suggestions on where I might find my ISP add., it would be much appreciated. Or, a better encryption app.
Also, this is my first post on LQ. I was not able to find the right forum for a new thread.
Sorry for posting incorrectly.
My user name is Billy Makk. Please post to me exactly how or where the correct forum for the new thread is.
Thank you for your help, Bill


All times are GMT -5. The time now is 03:59 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration