chroot ssh

j.travis skynet at psinode.com
Fri Apr 16 23:16:59 UTC 2004



> >- useradd -s /bin/bash -d /home/chroot/./testssh/ -c "ssh-test"

> Change '-d /home/chroot/./testssh/' to '-d /home/chroot/'
> The dot ('/./') has nothing to do with your system or your permissions 
> or whatever. It's just a string you use in your ssh(d) config. And 
> that's the only place to use it.
> (To be honest, I've never used it in an ssh env, so I can't tell you 
> where to use it exactly, but ftp uses the same scheme.)
> When sshd reads its config, it reads
> /home/chroot/./
> and interprets it like
> chroot /home/chroot/

I think it may be getting the /home/chroot/./testssh/
from /etc/passwd rather than an ssh config file.
I think I did get it ironed out.  A comprehensive list of my setup 
instructions follows. It's just a jumping-off point but it does seem to do the trick:

mkdir -p /pkg
cd /pkg

wget http://chrootssh.sourceforge.net/download/openssh-3.8p1-chroot.tar.gz

tar -zxvf openssh-3.8p1-chroot.tar.gz

cd /pkg/openssh-3.8p1-chroot

./configure --prefix=/usr \
            --sysconfdir=/etc/ssh \
            --with-tcp-wrappers \
            --with-zlib=/usr/lib \
            --with-ssl-dir=/usr/local/bin \
            --with-pid-dir=/var/run \
            --disable-utmp \
            --disable-wtmp \
            --libexecdir=/usr/libexec/openssh \
            --mandir=/usr/share/man \
            --with-ipaddr-display

make
make install

mkdir /home/chrootzebra
useradd -s /bin/bash -d /home/chrootzebra/./zebra/ -c "ssh-test" zebra
chown zebra /home/chrootzebra -R
passwd zebra

cd /home/chrootzebra

mkdir etc bin usr usr/bin lib lib/tls usr/kerberos usr/lib usr/kerberos/lib

grep /etc/passwd -e "^root" -e "^zebra" > etc/passwd
grep /etc/group -e "^root" -e "^zebra" > etc/group

cp /bin/bash      ./bin/bash
cp /bin/ls        ./bin/ls 
cp /bin/mkdir     ./bin/mkdir 
cp /bin/mv        ./bin/mv 
cp /bin/pwd       ./bin/pwd 
cp /bin/rm        ./bin/rm 
cp /usr/bin/id    ./usr/bin/id 
cp /usr/bin/rsync ./usr/bin/rsync  
cp /usr/bin/ssh   ./usr/bin/ssh 
cp /bin/ping      ./bin/ping

cp /lib/libtermcap.so.2 ./lib/libtermcap.so.2
cp /lib/libdl.so.2      ./lib/libdl.so.2
cp /lib/ld-linux.so.2   ./lib/ld-linux.so.2
cp /lib/tls/libc.so.6    ./lib/tls/libc.so.6
cp /usr/lib/libpopt.so.0    ./usr/lib/libpopt.so.0
cp /lib/libresolv.so.2    ./lib/libresolv.so.2  
cp /lib/libcrypto.so.4    ./lib/libcrypto.so.4   
cp /lib/libutil.so.1    ./lib/libutil.so.1 
cp /usr/lib/libz.so.1    ./usr/lib/libz.so.1
cp /lib/libnsl.so.1    ./lib/libnsl.so.1 
cp /lib/libcrypt.so.1    ./lib/libcrypt.so.1  
cp /usr/kerberos/lib/libgssapi_krb5.so.2 ./usr/kerberos/lib/libgssapi_krb5.so.2 
cp /usr/kerberos/lib/libkrb5.so.3    ./usr/kerberos/lib/libkrb5.so.3
cp /usr/kerberos/lib/libk5crypto.so.3    ./usr/kerberos/lib/libk5crypto.so.3
cp /usr/kerberos/lib/libcom_err.so.3    ./usr/kerberos/lib/libcom_err.so.3 

chroot /home/chrootzebra
---------------
then log in from ssh...
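
Added example, not part of the original post: a shell check that reads a passwd entry like the one created above, splits the home field at "/./", and reports what is missing inside the jail. It assumes the patched sshd chroots to the part before the first "/./" and uses the remainder as the home directory inside the jail; the function names are hypothetical.

```shell
# Assumption: the patched sshd chroots to the part of the home field before the
# first "/./" and treats the remainder as the home directory inside the jail.

# split_home HOME_FIELD: sets JAIL and INNER; returns 1 if there is no "/./".
split_home() {
    case "$1" in
        */./*) ;;
        *) return 1 ;;
    esac
    JAIL=${1%%/./*}       # text before the first "/./"
    INNER=${1#*/./}       # text after it
    INNER=/${INNER%/}     # absolute path as seen from inside the jail
}

# field USER N FILE: prints field N of USER's entry (exact name match).
field() {
    awk -F: -v u="$1" -v n="$2" '$1 == u { print $n; exit }' "$3" 2>/dev/null || :
}

# check_jail USER PASSWD_FILE: prints one line per problem, returns 0 if none.
# Usage on the setup above: check_jail zebra /etc/passwd
check_jail() {
    user=$1 passwd=$2 bad=0
    home=$(field "$user" 6 "$passwd")
    shell=$(field "$user" 7 "$passwd")
    [ -n "$home" ] || { echo "no passwd entry for $user"; return 1; }
    split_home "$home" || { echo "no /./ marker in home: $home"; return 1; }
    [ -d "$JAIL$INNER" ] || { echo "no home directory in jail: $JAIL$INNER"; bad=1; }
    [ -x "$JAIL$shell" ] || { echo "no login shell in jail: $JAIL$shell"; bad=1; }
    [ -n "$(field "$user" 1 "$JAIL/etc/passwd")" ] ||
        { echo "$user missing from $JAIL/etc/passwd"; bad=1; }
    return $bad
}
```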