from small one page howto to huge articles all in one place
 

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

48186

userrating:

average rating: 1.5 (4 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openssh

Create a chrooted ssh user

This tutorial explains how to install and configure a chroot enviroment for an ssh user. This setup enables you to give out ssh accounts without having to fear that this user can see all files on the system.

Installing ssh

First you need to have a patched version of the sshd server. Luckily these patches can be enabled with the use flag "chroot" in the sshd use flags.
#echo "net-misc/openssh chroot" >> /etc/portage/package.use
#emerge openssh

creating the chroot enviroment

We will create our chroot enviroment in /home/chroot.
To make the chroot work, run the following commands to make the needed directories and devices for the chrooted user.
mkdir /home/chroot/
mkdir /home/chroot/home/
cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5

Now we need to populate the directories with some binaries.
copy the following script into a file. If you need more apps, add them
to the APPS line.

APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS; do
cp $prog ./$prog

# obtain a list of related libraries
ldd $prog > /dev/null
if [ "$?" = 0 ] ; then
LIBS=`ldd $prog | awk '{ print $3 }'`
for l in $LIBS; do
mkdir ./`dirname $l` > /dev/null 2>&1
cp $l ./$l
done
fi
done

After you have run the script, your chroot enviroment is almost done.
run

cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/
echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
touch etc/passwd
grep /etc/passwd -e "^root" > etc/passwd
to copy some libraries and user information into the chroot.
You should also copy the line of the group in which you will create new users from /etc/group to /home/chroot/etc/group. In this tutorial we will create users in the group users, so we do this:
grep /etc/group -e "^root" -e "^users" > etc/group

and restart SSH:
/etc/init.d/ssh restart

Creating chrooted users

ssh decides which user should be chrooted and which not by the "home directory" entry in the /etc/passwd.
Example for a non-chrooted user:
user_a:x:2002:100:User A:/home/user_a:/bin/bash
This user will be chrooted:
user_b:x:2003:100:User B:/home/chroot/./home/user_b:/bin/bash
Now lets add a testuser to the chrooted user list:
useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser

Then we give testuser a password:
passwd testuser

Finally, we have to copy the line for testuser in /etc/passwd to /home/chroot/etc/passwd:
grep /etc/passwd -e "^testuser" >> /home/chroot/etc/passwd


Now log in as testuser and see if everything worked.

Have fun
rate this article:
current rating: average rating: 1.2 (48 votes) (1=very good 6=terrible)
Your rating:
Very good (1) Good (2) ok (3) average (4) bad (5) terrible (6)

back



Other free services
toURL.org
Shorten long
URLs to short
links like
http://tourl.org/2
tourl.org
.
Reverse DNS lookup
Find out which hostname(s)
resolve to a
given IP or other hostnames for the server
www.reversednslookup.org

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2019-08-21
Shapely - 1.6.4_p2
Ebuild name:

sci-libs/Shapely-1.6.4_p2

Description

Geometric objects, predicates, and operations

Added to portage

2019-08-21

go - 1.12.9
Ebuild name:

dev-lang/go-1.12.9

Description

A concurrent garbage collected and typesafe programming language

Added to portage

2019-08-21

libglvnd - 1.1.1
Ebuild name:

media-libs/libglvnd-1.1.1

Description

The GL Vendor-Neutral Dispatch library

Added to portage

2019-08-21

openrc - 0.42.1
Ebuild name:

sys-apps/openrc-0.42.1

Description

OpenRC manages the services, startup and shutdown of a host

Added to portage

2019-08-21

rocminfo - 2.7.0
Ebuild name:

dev-util/rocminfo-2.7.0

Description

ROCm Application for Reporting System Info

Added to portage

2019-08-21

rouge - 3.9.0
Ebuild name:

dev-ruby/rouge-3.9.0

Description

Yet-another-markdown-parser using a strict syntax definition in pure Ruby

Added to portage

2019-08-21

vanilla-sources - 3.16.73
Ebuild name:

sys-kernel/vanilla-sources-3.16.73

Description

Full sources for the Linux kernel

Added to portage

2019-08-21

2019-08-20
acpid - 2.0.32
Ebuild name:

sys-power/acpid-2.0.32

Description

Daemon for Advanced Configuration and Power Interface

Added to portage

2019-08-20

angband - 4.2.0
Ebuild name:

games-roguelike/angband-4.2.0

Description

A roguelike dungeon exploration game based on the books of J.R.R. Tol

Added to portage

2019-08-20

argus-clients - 3.0.8.2-r3
Ebuild name:

net-analyzer/argus-clients-3.0.8.2-r3

Description

Clients for net-analyzer/argus

Added to portage

2019-08-20

arping - 2.20
Ebuild name:

net-analyzer/arping-2.20

Description

A utility to see if a specific IP address is taken and what MAC address ow

Added to portage

2019-08-20

broadcom-sta - 6.30.223.271-r5
Ebuild name:

net-wireless/broadcom-sta-6.30.223.271-r5

Description

Broadcom's IEEE 802.11a/b/g/n hybrid Linux device driver

Added to portage

2019-08-20

cacti-spine - 99999
Ebuild name:

net-analyzer/cacti-spine-99999

Description

Spine is a fast poller for Cacti (formerly known as Cactid)

Added to portage

2019-08-20

debhelper - 12.5.3
Ebuild name:

dev-util/debhelper-12.5.3

Description

Collection of programs that can be used to automate common tasks in debia

Added to portage

2019-08-20

etcd - 3.3.15
Ebuild name:

dev-db/etcd-3.3.15

Description

Highly-available key value store for shared configuration and service discovery

Added to portage

2019-08-20

hsa-ext-rocr - 1.1.9.99
Ebuild name:

dev-libs/hsa-ext-rocr-1.1.9.99

Description

Proprietary image-support library for Radeon Open Compute

Added to portage

2019-08-20

intel-microcode - 20190618_p20190819
Ebuild name:

sys-firmware/intel-microcode-20190618_p20190819

Description

Intel IA32/IA64 microcode update data

Added to portage

2019-08-20

ipsumdump - 1.86-r1
Ebuild name:

net-analyzer/ipsumdump-1.86-r1

Description

Simple TCP/IP Dump summarizer/analyzer

Added to portage

2019-08-20

kodi-audiodecoder-modplug - 2.0.1
Ebuild name:

media-plugins/kodi-audiodecoder-modplug-2.0.1

Description

Modplug decoder addon for Kodi

Added to portage

2019-08-20

kodi-peripheral-joystick - 1.4.8
Ebuild name:

media-plugins/kodi-peripheral-joystick-1.4.8

Description

Libretro compatibility layer for the Kodi Game API

Added to portage

2019-08-20

kodi-pvr-iptvsimple - 3.6.0
Ebuild name:

media-plugins/kodi-pvr-iptvsimple-3.6.0

Description

Kodi's IPTVSimple client addon

Added to portage

2019-08-20

libgdiplus - 6.0.2
Ebuild name:

dev-dotnet/libgdiplus-6.0.2

Description

Library for using System.Drawing with Mono

Added to portage

2019-08-20

libmissing - 1.0.0-r1
Ebuild name:

dev-libs/libmissing-1.0.0-r1

Description

Library with missing functions based on GNUlib

Added to portage

2019-08-20

libsass - 3.6.1
Ebuild name:

dev-libs/libsass-3.6.1

Description

A C/C++ implementation of a Sass CSS compiler

Added to portage

2019-08-20

libtrace - 4.0.9_p1-r1
Ebuild name:

net-libs/libtrace-4.0.9_p1-r1

Description

A library and tools for trace processing

Added to portage

2019-08-20

magit-popup - 2.12.4
Ebuild name:

app-emacs/magit-popup-2.12.4

Description

Define prefix-infix-suffix command combos

Added to portage

2019-08-20

msi-keyboard - 1.0
Ebuild name:

app-laptop/msi-keyboard-1.0

Description

Control backlight of MSI laptop keyboards

Added to portage

2019-08-20

nDPI - 2.8
Ebuild name:

net-libs/nDPI-2.8

Description

Open Source Deep Packet Inspection Software Toolkit

Added to portage

2019-08-20

nagios-core - 4.4.4-r1
Ebuild name:

net-analyzer/nagios-core-4.4.4-r1

Description

Nagios core - monitoring daemon, web GUI, and documentation

Added to portage

2019-08-20

net-snmp - 5.8-r2
Ebuild name:

net-analyzer/net-snmp-5.8-r2

Description

Software for generating and retrieving SNMP data

Added to portage

2019-08-20

ntpclient - 2018.244-r1
Ebuild name:

net-misc/ntpclient-2018.244-r1

Description

A NTP (RFC-1305 and RFC-4330) client for unix-alike systems

Added to portage

2019-08-20

sysdig - 0.26.3
Ebuild name:

dev-util/sysdig-0.26.3

Description

A system exploration and troubleshooting tool

Added to portage

2019-08-20

vala - 0.36.20
Ebuild name:

dev-lang/vala-0.36.20

Description

Compiler for the GObject type system

Added to portage

2019-08-20

vala - 0.40.16
Ebuild name:

dev-lang/vala-0.40.16

Description

Compiler for the GObject type system

Added to portage

2019-08-20

vala - 0.45.91
Ebuild name:

dev-lang/vala-0.45.91

Description

Compiler for the GObject type system

Added to portage

2019-08-20

vala-common - 0.45.91
Ebuild name:

dev-libs/vala-common-0.45.91

Description

Build infrastructure for packages that use Vala

Added to portage

2019-08-20

vnstat - 2.4
Ebuild name:

net-analyzer/vnstat-2.4

Description

Console-based network traffic monitor that keeps statistics of network usag

Added to portage

2019-08-20

xapian - 1.4.12
Ebuild name:

dev-libs/xapian-1.4.12

Description

Xapian Probabilistic Information Retrieval library

Added to portage

2019-08-20

xapian-bindings - 1.4.12
Ebuild name:

dev-libs/xapian-bindings-1.4.12

Description

SWIG and JNI bindings for Xapian

Added to portage

2019-08-20

xapian-omega - 1.4.12
Ebuild name:

app-text/xapian-omega-1.4.12

Description

An application built on Xapian, consisting of indexers and a CGI searc

Added to portage

2019-08-20

xfsprogs - 5.2.0
Ebuild name:

sys-fs/xfsprogs-5.2.0

Description

xfs filesystem utilities

Added to portage

2019-08-20

rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2018 Sascha Nitsch Unternehmensberatung UG(haftungsbeschänkt)
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 53.0 ms