LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-23-2009, 02:54 PM   #16
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551

Well, as section G.2.2 (The Easy Way) indicates, much of what needs to be done, is automated, by tool(s) created for just this purpose.
In contrast, G.2.3 (The Hard Way) indicates that is the long, drawn-out, tedious way.

Assuming both methods produce the same results, from both a functionality AND security standpoint, then I would opt for the "Easy Way" being "the right way" for me.

That said, I didn't indicate anywhere that "I've been to hell & back with chroot-jailed sshd", because it's quite the opposite: I have relatively little experience with ssh.

There are scores of members here though, who surely HAVE been to H&B with ssh, and I expect & hope that one or more of them will pop in and answer very specifically, your question.

With regard to "Which way is the Right Way?" -- Keep in mind, there's usually with Linux, not one single "right way" to do something; there are usually "many right ways" to do things, and which one is "the right way for me/you" depends on your own circumstances, experience, requirements, time-frame, etc, etc.

If I could advise you from my own experience, I would but I cannot.

Sasha
 
Old 08-23-2009, 02:56 PM   #17
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551
EDIT -- you should however probably start a new thread, with a more appropriate title, to get the exact help you require

Cheers,
Sasha
 
Old 08-23-2009, 03:46 PM   #18
ludo33
Member
 
Registered: Feb 2009
Posts: 119

Original Poster
Rep: Reputation: 16
Hee hee

Thanks again GrapefruiTgirl,

Ok I'll give the "easy way" a "bash" Does that count as a pun here?

I taking a wild guess here based on your responses....are you a trainee lawyer?

Thanks again...Ludo
 
Old 08-23-2009, 03:50 PM   #19
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551
Sure, that'd qualify as a pun!

Speaking of puns: no, I'm definitely not a lawyer, trainee or otherwise. I'm the offspring of a biochemist dad & an English teacher mom (a darned good one too if I may say so) and the English teacher beat proper grammar, spelling & punctuation into me as a child

Sasha
 
Old 08-23-2009, 03:54 PM   #20
ludo33
Member
 
Registered: Feb 2009
Posts: 119

Original Poster
Rep: Reputation: 16
Was it..

..American English or proper English?

Oh and what would suggest as "a more appropriate title" for my new thread?

Thank you very much hen (that's scottish btw and complimentary) Proper Scottish English!

Last edited by ludo33; 08-23-2009 at 04:01 PM.
 
Old 08-23-2009, 04:00 PM   #21
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551
PROPER ENGLISH!! lol, can't you tell? And that is, not "The Queen's English" but some semblance of it.

Heh, to be fair, perhaps you aren't a native English speaker, in which case, I say, your English is pretty good too, and you're excused -- I'm not American, I'm Canadian.

And-- a new thread title? How about something like, "Please help configure chroot-jailed sshd for several users" or something like that?

Sasha

Last edited by GrapefruiTgirl; 08-23-2009 at 04:03 PM.
 
Old 08-23-2009, 04:10 PM   #22
ludo33
Member
 
Registered: Feb 2009
Posts: 119

Original Poster
Rep: Reputation: 16
Canadian....

..You say, That makes you nearly Scottish too!
Watch out for my new improved thread title, gonna sleep on it!

Thanks again hen.

C ya
 
Old 08-23-2009, 04:12 PM   #23
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551
Quote:
Originally Posted by ludo33 View Post
..You say, That makes you nearly Scottish too!
Watch out for my new improved thread title, gonna sleep on it!

Thanks again hen.

C ya
Indeed-- In fact, I live in New Scotland

You're welcome for the help, no worries. Sweet ssh dreams! I'll be on the lookout...

Sasha
 
Old 08-23-2009, 04:16 PM   #24
ludo33
Member
 
Registered: Feb 2009
Posts: 119

Original Poster
Rep: Reputation: 16
LOL

Night night
 
Old 08-23-2009, 05:37 PM   #25
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
No problem, I don't mind being wrong when it comes to things like that. Basically, you need to determine if you need a separate chrooted environment for each user, or if they can coexist in the same chroot. In other words, are you trying to protect the users from each other, or only trying to protect your server from the users? The later is a bit easier since you basically create a chrooted environment with all of the applications that you will allow the users to use under that path, and use a standard sshd setup inside that chrooted path. The former is a bit more difficult because you need to 1) set up a separate chrooted environment for each user, and 2) modify the sshd to pass an authenticated user off to their own chrooted environment. The steps for both ways seem to be in the link you provided, but which one you choose really should be based on the requirements you have, not which is easiest.

HTH

Forrest

Last edited by forrestt; 08-23-2009 at 05:41 PM.
 
Old 08-24-2009, 03:40 AM   #26
ludo33
Member
 
Registered: Feb 2009
Posts: 119

Original Poster
Rep: Reputation: 16
Hmmm...

Quote:
only trying to protect your server from the users? The later is a bit easier since you basically create a chrooted environment with all of the applications that you will allow the users to use under that path, and use a standard sshd setup inside that chrooted path
That is exactly what I want to do, If only my mastery of the English language was mucher gooderer, just like the Canadians!

Where can I find an idiots guide to doing this?

Many Thanks Forrest
 
Old 08-24-2009, 12:04 PM   #27
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
I would suggest that you start with the instructions under G.2 in the link you provided. The "really easy way" (i.e. G.2.1) isn't what you want, because it really doesn't offer much more security than simply running ssh natively. I don't know of an easy guide to doing this, but you can take a hint from the list of things to do under G.2.2 and look at the makejail command in more detail. It may give you all you need.

HTH

Forrest
 
Old 08-24-2009, 03:14 PM   #28
ludo33
Member
 
Registered: Feb 2009
Posts: 119

Original Poster
Rep: Reputation: 16
OK

Forrest, your reply scares me!

wish me luck!
 
Old 08-24-2009, 03:18 PM   #29
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Well, don't be scared. We're here to help if you have questions.

Forrest

p.s. Good luck!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
chroot to run hd-installed distro's programs from chroot in live distro? silencestone Linux - Software 0 10-12-2007 07:29 AM
sudo /usr/bin/chroot /home/chroot /bin/su - xxx| /bin/su: user xxx does not exist saavik Linux - General 3 07-04-2007 11:30 AM
mount command not working in chroot. and now chroot not working mohit.jain Linux From Scratch 5 07-14-2006 04:57 AM
Chroot chamkila Linux - General 1 06-13-2003 06:46 AM
URLSCAN tool MS = Linux tool ? OB1 Linux - Security 3 10-05-2002 01:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:51 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration