from small one page howto to huge articles all in one place
 

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

40718

userrating:

average rating: 1.5 (4 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openssh

Create a chrooted ssh user

This tutorial explains how to install and configure a chroot enviroment for an ssh user. This setup enables you to give out ssh accounts without having to fear that this user can see all files on the system.

Installing ssh

First you need to have a patched version of the sshd server. Luckily these patches can be enabled with the use flag "chroot" in the sshd use flags.
#echo "net-misc/openssh chroot" >> /etc/portage/package.use
#emerge openssh

creating the chroot enviroment

We will create our chroot enviroment in /home/chroot.
To make the chroot work, run the following commands to make the needed directories and devices for the chrooted user.
mkdir /home/chroot/
mkdir /home/chroot/home/
cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5

Now we need to populate the directories with some binaries.
copy the following script into a file. If you need more apps, add them
to the APPS line.

APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS; do
cp $prog ./$prog

# obtain a list of related libraries
ldd $prog > /dev/null
if [ "$?" = 0 ] ; then
LIBS=`ldd $prog | awk '{ print $3 }'`
for l in $LIBS; do
mkdir ./`dirname $l` > /dev/null 2>&1
cp $l ./$l
done
fi
done

After you have run the script, your chroot enviroment is almost done.
run

cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/
echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
touch etc/passwd
grep /etc/passwd -e "^root" > etc/passwd
to copy some libraries and user information into the chroot.
You should also copy the line of the group in which you will create new users from /etc/group to /home/chroot/etc/group. In this tutorial we will create users in the group users, so we do this:
grep /etc/group -e "^root" -e "^users" > etc/group

and restart SSH:
/etc/init.d/ssh restart

Creating chrooted users

ssh decides which user should be chrooted and which not by the "home directory" entry in the /etc/passwd.
Example for a non-chrooted user:
user_a:x:2002:100:User A:/home/user_a:/bin/bash
This user will be chrooted:
user_b:x:2003:100:User B:/home/chroot/./home/user_b:/bin/bash
Now lets add a testuser to the chrooted user list:
useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser

Then we give testuser a password:
passwd testuser

Finally, we have to copy the line for testuser in /etc/passwd to /home/chroot/etc/passwd:
grep /etc/passwd -e "^testuser" >> /home/chroot/etc/passwd


Now log in as testuser and see if everything worked.

Have fun
rate this article:
current rating: average rating: 1.2 (48 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back



Other free services
toURL.org
Shorten long
URLs to short
links like
http://tourl.org/2
tourl.org
.
Reverse DNS lookup
Find out which hostname(s)
resolve to a
given IP or other hostnames for the server
www.reversednslookup.org

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2018-05-21
cmake - 3.11.2
Ebuild name:

dev-util/cmake-3.11.2

Description

Cross platform Make

Added to portage

2018-05-21

hg-git - 0.8.11
Ebuild name:

dev-vcs/hg-git-0.8.11

Description

push to and pull from a Git repository using Mercurial

Added to portage

2018-05-21

pgmodeler - 0.9.1
Ebuild name:

dev-db/pgmodeler-0.9.1

Description

PostgreSQL Database Modeler

Added to portage

2018-05-21

procps - 3.3.15
Ebuild name:

sys-process/procps-3.3.15

Description

standard informational utilities and process-handling tools

Added to portage

2018-05-21

texlive-core - 2017-r4
Ebuild name:

app-text/texlive-core-2017-r4

Description

A complete TeX distribution

Added to portage

2018-05-21

urlwatch - 2.11
Ebuild name:

www-misc/urlwatch-2.11

Description

A tool for monitoring webpages for updates

Added to portage

2018-05-21

wayland-protocols - 1.14
Ebuild name:

dev-libs/wayland-protocols-1.14

Description

Wayland protocol files

Added to portage

2018-05-21

2018-05-20
asciinema - 2.0.1
Ebuild name:

app-misc/asciinema-2.0.1

Description

Command line recorder for asciinema.org service

Added to portage

2018-05-20

byacc - 20180510
Ebuild name:

dev-util/byacc-20180510

Description

the best variant of the Yacc parser generator

Added to portage

2018-05-20

chrootuid - 1.3-r2
Ebuild name:

app-admin/chrootuid-1.3-r2

Description

Run a network service at low privilege level and restricted file system

Added to portage

2018-05-20

collectd - 5.8.0
Ebuild name:

app-metrics/collectd-5.8.0

Description

Collects system statistics and provides mechanisms to store the values

Added to portage

2018-05-20

dash - 0.5.10.2
Ebuild name:

app-shells/dash-0.5.10.2

Description

Debian Almquist Shell

Added to portage

2018-05-20

debianutils - 4.8.6
Ebuild name:

sys-apps/debianutils-4.8.6

Description

A selection of tools from Debian

Added to portage

2018-05-20

debootstrap - 1.0.99
Ebuild name:

dev-util/debootstrap-1.0.99

Description

Debian/Ubuntu bootstrap scripts

Added to portage

2018-05-20

hplip - 3.18.4
Ebuild name:

net-print/hplip-3.18.4

Description

HP Linux Imaging and Printing - Print, scan, fax drivers and service tools

Added to portage

2018-05-20

irqbalance - 1.4.0
Ebuild name:

sys-apps/irqbalance-1.4.0

Description

Distribute hardware interrupts across processors on a multiprocessor syst

Added to portage

2018-05-20

kpeg - 1.1.0-r1
Ebuild name:

dev-ruby/kpeg-1.1.0-r1

Description

A simple PEG library for Ruby

Added to portage

2018-05-20

libsfml - 2.5.0
Ebuild name:

media-libs/libsfml-2.5.0

Description

Simple and Fast Multimedia Library (SFML)

Added to portage

2018-05-20

libtorrent - 0.13.6-r2
Ebuild name:

net-libs/libtorrent-0.13.6-r2

Description

BitTorrent library written in C++ for *nix

Added to portage

2018-05-20

mariadb - 10.2.15
Ebuild name:

dev-db/mariadb-10.2.15

Description

An enhanced, drop-in replacement for MySQL

Added to portage

2018-05-20

mbuffer - 20180505
Ebuild name:

sys-block/mbuffer-20180505

Description

M(easuring)buffer is a replacement for buffer with additional functional

Added to portage

2018-05-20

meson - 0.46.1
Ebuild name:

dev-util/meson-0.46.1

Description

Open source build system

Added to portage

2018-05-20

neofetch - 4.0.1
Ebuild name:

app-misc/neofetch-4.0.1

Description

Simple information system script

Added to portage

2018-05-20

pcl - 1.12-r1
Ebuild name:

dev-libs/pcl-1.12-r1

Description

Portable Coroutine Library

Added to portage

2018-05-20

pwcrypt - 1.2.2-r2
Ebuild name:

app-admin/pwcrypt-1.2.2-r2

Description

An improved version of cli-crypt (encrypts data sent to it from the cli)

Added to portage

2018-05-20

pysolfc - 2.2.0
Ebuild name:

games-board/pysolfc-2.2.0

Description

An exciting collection of more than 1000 solitaire card games

Added to portage

2018-05-20

random2 - 1.0.1
Ebuild name:

dev-python/random2-1.0.1

Description

Python-2.7 random module ported to python-3

Added to portage

2018-05-20

rdoc - 6.0.4
Ebuild name:

dev-ruby/rdoc-6.0.4

Description

An extended version of the RDoc library from Ruby 1.8

Added to portage

2018-05-20

rt-sources - 4.14.40_p30
Ebuild name:

sys-kernel/rt-sources-4.14.40_p30

Description

Full Linux . kernel sources with the CONFIG_PREEMPT_RT patch

Added to portage

2018-05-20

rt-sources - 4.16.8_p2
Ebuild name:

sys-kernel/rt-sources-4.16.8_p2

Description

Full Linux . kernel sources with the CONFIG_PREEMPT_RT patch

Added to portage

2018-05-20

rt-sources - 4.4.131_p148
Ebuild name:

sys-kernel/rt-sources-4.4.131_p148

Description

Full Linux . kernel sources with the CONFIG_PREEMPT_RT patch

Added to portage

2018-05-20

rt-sources - 4.9.98_p76
Ebuild name:

sys-kernel/rt-sources-4.9.98_p76

Description

Full Linux . kernel sources with the CONFIG_PREEMPT_RT patch

Added to portage

2018-05-20

runit - 2.1.1-r2
Ebuild name:

sys-process/runit-2.1.1-r2

Description

A UNIX init scheme with service supervision

Added to portage

2018-05-20

sanitize - 4.6.5
Ebuild name:

dev-ruby/sanitize-4.6.5

Description

Sanitize is a whitelist-based HTML sanitizer

Added to portage

2018-05-20

tensorflow - 1.8.0-r1
Ebuild name:

sci-libs/tensorflow-1.8.0-r1

Description

Computation framework using data flow graphs for scalable machine lear

Added to portage

2018-05-20

toolz - 0.9.0
Ebuild name:

dev-python/toolz-0.9.0

Description

List processing tools and functional utilities

Added to portage

2018-05-20

xf86-video-vmware - 13.3.0
Ebuild name:

x11-drivers/xf86-video-vmware-13.3.0

Description

VMware SVGA video driver

Added to portage

2018-05-20

rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2018 Sascha Nitsch Unternehmensberatung UG(haftungsbeschänkt)
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 4.3 ms