LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-19-2004, 09:10 AM   #1
slug420
Member
 
Registered: Jul 2004
Posts: 68

Rep: Reputation: 15
trouble with chroot ssh


I am using my linux box as an endpoint for an ssh connection being used to tunnel vnc. Once connected and authenticated, I do not want the users to have any abilities or priveleges at all on the linux box. After some searching it became apparent that the most appropriate solution for this would be chroot.

I downloaded the chrootssh file from sourceforge, did a configure, make, make install and all seemed to go well

I then removed the test user and re-added them with a . in their home dir path ( /home/vncusers/./testusers )

I restarted sshd and when i connected i got the same priveleges as I had before. I could change directories and manipulate files at will. It really seemed like chroot wasnt being "invoked" or something.

I understand that in most cases you need to include all kinds of library files and whatnot in the user's new root directory (their home dir) but in my case I dont want them to have any priveleges or access so i figured this wasnt neccesary. And even if it is, it seems ot me like it would chroot me and the chroot would die, or my session would hang or something would go awry if chroot worked but there were no libraries or files available to the user.

any ideas?

tia

btw, im running suse 9.1
 
Old 07-20-2004, 07:55 AM   #2
slug420
Member
 
Registered: Jul 2004
Posts: 68

Original Poster
Rep: Reputation: 15
bump..
 
Old 07-21-2004, 02:06 PM   #3
slug420
Member
 
Registered: Jul 2004
Posts: 68

Original Poster
Rep: Reputation: 15
Thumbs up

bimp
 
Old 07-22-2004, 06:46 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,383
Blog Entries: 55

Rep: Reputation: 3558Reputation: 3558Reputation: 3558Reputation: 3558Reputation: 3558Reputation: 3558Reputation: 3558Reputation: 3558Reputation: 3558Reputation: 3558Reputation: 3558
What did you exactly do different from what advice Chrootssh offers?
 
Old 07-26-2004, 08:57 AM   #5
slug420
Member
 
Registered: Jul 2004
Posts: 68

Original Poster
Rep: Reputation: 15
as far as I know I did exactly what chrootssh says to.

I may not have all the system files needed in the user's home dir but that should cause the user to have too few abilities not too many

as it is right now they connect via ssh and its like chrootssh isnt even installed, they can still go wherever and do whatever they want

any other ideas?
 
Old 08-03-2004, 08:16 AM   #6
slug420
Member
 
Registered: Jul 2004
Posts: 68

Original Poster
Rep: Reputation: 15
bueller? bueller??
 
Old 08-10-2004, 01:34 PM   #7
slug420
Member
 
Registered: Jul 2004
Posts: 68

Original Poster
Rep: Reputation: 15
....
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
chroot ssh Manuel-H Slackware 3 09-15-2005 05:33 PM
Chroot SSH small howto. ldp Linux - Security 1 01-12-2005 05:50 AM
How to implement chroot in SSH urehman Red Hat 0 10-26-2004 02:41 PM
ssh for chroot Thorsten Linux - Security 1 08-26-2003 05:46 AM
ssh for chroot Thorsten Linux - Software 0 08-26-2003 03:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration