
Create a chrooted ssh user

This tutorial explains how to install and configure a chroot environment for an ssh user. This setup lets you give out ssh accounts without having to fear that the user can see all files on the system.

Installing ssh

First you need a patched version of the sshd server. Luckily, the patch can be enabled with the "chroot" USE flag of net-misc/openssh:
echo "net-misc/openssh chroot" >> /etc/portage/package.use
emerge openssh

Creating the chroot environment

We will create our chroot environment in /home/chroot.
Run the following commands to create the directories and device nodes the chrooted user needs:
mkdir /home/chroot/
mkdir /home/chroot/home/
cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod -m 666 dev/null c 1 3
mknod -m 666 dev/zero c 1 5

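Now we need to populate the directories with some binaries.
Copy the following script into a file and run it from inside /home/chroot. If you need more apps, add them to the APPS line.

#!/bin/bash
# Copies each program in APPS, plus the shared libraries it needs, into the
# current directory (the chroot), keeping the original directory layout.
APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS; do
    mkdir -p "./$(dirname "$prog")"
    cp "$prog" "./$prog"

    # obtain a list of related libraries (ldd fails for static binaries)
    if ldd "$prog" > /dev/null 2>&1; then
        # keep every absolute path in the ldd output, including the dynamic loader
        LIBS=$(ldd "$prog" | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }')
        for l in $LIBS; do
            mkdir -p "./$(dirname "$l")"
            cp "$l" "./$l"
        done
    fi
done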

After you have run the script, your chroot environment is almost done.
Run the following commands to copy some libraries and user information into the chroot:

cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/
echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
chmod +x usr/bin/groups
touch etc/passwd
grep -e "^root:" /etc/passwd > etc/passwd

You should also copy the line of the group in which you will create new users from /etc/group to /home/chroot/etc/group. In this tutorial we will create users in the group users, so we do this:
grep -e "^root:" -e "^users:" /etc/group > etc/group

Then restart SSH:
/etc/init.d/sshd restart

Creating chrooted users

The patched sshd decides which users to chroot from the home directory entry in /etc/passwd: a user is chrooted when the home directory contains "/./". The part before "/./" is the chroot directory, and the part after it is the user's home directory inside the chroot.
Example for a non-chrooted user:
user_a:x:2002:100:User A:/home/user_a:/bin/bash
This user will be chrooted:
user_b:x:2003:100:User B:/home/chroot/./home/user_b:/bin/bash
Now let's add a test user to the list of chrooted users:
useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser

Then we give testuser a password:
passwd testuser

Finally, we have to copy the line for testuser in /etc/passwd to /home/chroot/etc/passwd:
grep -e "^testuser:" /etc/passwd >> /home/chroot/etc/passwd
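
An added example, not part of the original tutorial: a small audit script that lists the accounts whose home directory uses the "/./" marker and reports which of them are still missing from the chroot's etc/passwd. The function names, the temporary sample tree and the UID of testuser are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit accounts that use the "/./" home-directory marker.

# Print "user chroot_dir home_in_chroot" for each passwd entry whose home
# directory (field 6) contains "/./".
list_chrooted() {
    awk -F: '{
        at = index($6, "/./")
        if (at > 1) print $1, substr($6, 1, at - 1), substr($6, at + 2)
    }' "$1"
}

# Print every chrooted user that has no line in <chroot_dir>/etc/passwd.
# $1 = system passwd file
# $2 = prefix put in front of chroot paths (empty string on a live system)
missing_in_chroot() {
    list_chrooted "$1" | while read -r user root home; do
        awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' \
            "$2$root/etc/passwd" 2>/dev/null || echo "$user"
    done
}

# Constructed sample data (not from a real system): a passwd file and a
# stand-in chroot tree below a temporary directory.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/home/chroot/etc"
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user_a:x:2002:100:User A:/home/user_a:/bin/bash
user_b:x:2003:100:User B:/home/chroot/./home/user_b:/bin/bash
testuser:x:2004:100:testuser:/home/chroot/./home/testuser:/bin/bash
EOF
    # Only root and testuser were copied into the chroot, as in the tutorial.
    grep -e "^root:" -e "^testuser:" "$d/passwd" > "$d/home/chroot/etc/passwd"
    echo "$d"
}

SAMPLE=$(make_sample)
echo "Chrooted accounts:"
list_chrooted "$SAMPLE/passwd"
echo "Missing from the chroot's etc/passwd:"
missing_in_chroot "$SAMPLE/passwd" "$SAMPLE"
rm -rf "$SAMPLE"
```

On a live system, call missing_in_chroot /etc/passwd "" so that the chroot paths are used as they appear in /etc/passwd.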


Now log in as testuser and see if everything worked.

Have fun
Copyright 2004-2018 Sascha Nitsch Unternehmensberatung UG(haftungsbeschänkt)