from small one page howto to huge articles all in one place

search text in:




Other .linuxhowtos.org sites: www.linuxhowtos.org
toolsntoys.linuxhowtos.org



Last additions:
How to make X listen on port 6000

How to make X listen on port 6000

words:

34

views:

86854

userrating:

average rating: 1.2 (52 votes) (1=very good 6=terrible)


May, 25th 2007:
April, 26th 2007:
Apr, 10th. 2007:
Druckversion . pdf icon
You are here: Tutorials per portage category->net-misc->openssh

Create a chrooted ssh user

This tutorial explains how to install and configure a chroot enviroment for an ssh user. This setup enables you to give out ssh accounts without having to fear that this user can see all files on the system.

Installing ssh

First you need to have a patched version of the sshd server. Luckily these patches can be enabled with the use flag "chroot" in the sshd use flags.
#echo "net-misc/openssh chroot" >> /etc/portage/package.use
#emerge openssh

creating the chroot enviroment

We will create our chroot enviroment in /home/chroot.
To make the chroot work, run the following commands to make the needed directories and devices for the chrooted user.
mkdir /home/chroot/
mkdir /home/chroot/home/
cd /home/chroot
mkdir etc
mkdir bin
mkdir lib
mkdir usr
mkdir usr/bin
mkdir dev
mknod dev/null c 1 3
mknod dev/zero c 1 5

Now we need to populate the directories with some binaries.
copy the following script into a file. If you need more apps, add them
to the APPS line.

APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
for prog in $APPS; do
cp $prog ./$prog

# obtain a list of related libraries
ldd $prog > /dev/null
if [ "$?" = 0 ] ; then
LIBS=`ldd $prog | awk '{ print $3 }'`
for l in $LIBS; do
mkdir ./`dirname $l` > /dev/null 2>&1
cp $l ./$l
done
fi
done

After you have run the script, your chroot enviroment is almost done.
run

cp /lib/libnss_compat.so.2 /lib/libnsl.so.1 /lib/libnss_files.so.2 ./lib/
echo '#!/bin/bash' > usr/bin/groups
echo "id -Gn" >> usr/bin/groups
touch etc/passwd
grep /etc/passwd -e "^root" > etc/passwd
to copy some libraries and user information into the chroot.
You should also copy the line of the group in which you will create new users from /etc/group to /home/chroot/etc/group. In this tutorial we will create users in the group users, so we do this:
grep /etc/group -e "^root" -e "^users" > etc/group

and restart SSH:
/etc/init.d/ssh restart

Creating chrooted users

ssh decides which user should be chrooted and which not by the "home directory" entry in the /etc/passwd.
Example for a non-chrooted user:
user_a:x:2002:100:User A:/home/user_a:/bin/bash
This user will be chrooted:
user_b:x:2003:100:User B:/home/chroot/./home/user_b:/bin/bash
Now lets add a testuser to the chrooted user list:
useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser

Then we give testuser a password:
passwd testuser

Finally, we have to copy the line for testuser in /etc/passwd to /home/chroot/etc/passwd:
grep /etc/passwd -e "^testuser" >> /home/chroot/etc/passwd


Now log in as testuser and see if everything worked.

Have fun
back



Support us on Content Nation

New Packages

- as rdf newsfeed
- as rss newsfeed
- as Atom newsfeed
2026-07-15
android-studio - 2026.1.2.10
Ebuild name:

dev-util/android-studio-2026.1.2.10

Description

Android development environment based on IntelliJ IDEA

Added to portage

2026-07-15

claude-code - 2.1.209
Ebuild name:

dev-util/claude-code-2.1.209

Description

Claude Code - an agentic coding tool by Anthropic

Added to portage

2026-07-15

tox - 0.2.23
Ebuild name:

net-libs/tox-0.2.23

Description

Encrypted P2P, messaging, and audio/video calling platform

Added to portage

2026-07-15

toxic - 0.16.3
Ebuild name:

net-im/toxic-0.16.3

Description

A curses-based client for Tox

Added to portage

2026-07-15

yq - 3.4.4
Ebuild name:

app-misc/yq-3.4.4

Description

Command-line YAML processor - jq wrapper for YAML documents

Added to portage

2026-07-15

yq - 4.1.2
Ebuild name:

app-misc/yq-4.1.2

Description

Command-line YAML processor - jq wrapper for YAML documents

Added to portage

2026-07-15

2026-07-14
3proxy - 0.9.7
Ebuild name:

net-proxy/3proxy-0.9.7

Description

Really tiny cross-platform proxy servers set

Added to portage

2026-07-14

awscli - 1.45.47
Ebuild name:

app-admin/awscli-1.45.47

Description

Universal Command Line Environment for AWS

Added to portage

2026-07-14

bcachefs-tools - 1.38.8
Ebuild name:

sys-fs/bcachefs-tools-1.38.8

Description

Tools for bcachefs

Added to portage

2026-07-14

bear - 4.1.5
Ebuild name:

dev-util/bear-4.1.5

Description

A tool that generates a compilation database for clang tooling

Added to portage

2026-07-14

boost - 1.91.0-r2
Ebuild name:

dev-libs/boost-1.91.0-r2

Description

Boost Libraries for C++

Added to portage

2026-07-14

boto3 - 1.43.47
Ebuild name:

dev-python/boto3-1.43.47

Description

The AWS SDK for Python

Added to portage

2026-07-14

botocore - 1.43.47
Ebuild name:

dev-python/botocore-1.43.47

Description

Low-level, data-driven core of boto 3

Added to portage

2026-07-14

brscan5 - 1.6.2.0-r1
Ebuild name:

media-gfx/brscan5-1.6.2.0-r1

Description

SANE driver for Brother scanners (brscan5)

Added to portage

2026-07-14

checksec - 2.7.1-r2
Ebuild name:

app-admin/checksec-2.7.1-r2

Description

Tool to check properties of executables (e.g. ASLR/PIE, RELRO, PaX, Can

Added to portage

2026-07-14

cifs-utils - 7.7
Ebuild name:

net-fs/cifs-utils-7.7

Description

Tools for Managing Linux CIFS Client Filesystems

Added to portage

2026-07-14

dolphin - 2606
Ebuild name:

games-emulation/dolphin-2606

Description

Gamecube and Wii game emulator

Added to portage

2026-07-14

freerdp - 3.29.0
Ebuild name:

net-misc/freerdp-3.29.0

Description

Free implementation of the Remote Desktop Protocol

Added to portage

2026-07-14

gdm - 49.3
Ebuild name:

gnome-base/gdm-49.3

Description

GNOME Display Manager for managing graphical display servers and user logins

Added to portage

2026-07-14

gnome-shell-extension-lockscreen-studio - 1.1.2
Ebuild name:

gnome-extra/gnome-shell-extension-lockscreen-studio-1.1.2

Description

Customization extension for the gnome-she

Added to portage

2026-07-14

google-auth - 2.56.0
Ebuild name:

dev-python/google-auth-2.56.0

Description

Google Authentication Library

Added to portage

2026-07-14

grub2-theme-preview - 2.10.0
Ebuild name:

x11-misc/grub2-theme-preview-2.10.0

Description

Preview a GRUB 2.x theme using KVM/QEMU

Added to portage

2026-07-14

ig - 0.54.1
Ebuild name:

app-admin/ig-0.54.1

Description

Tools and framework for data collection and system inspection using eBPF

Added to portage

2026-07-14

jaraco-functools - 4.6.0
Ebuild name:

dev-python/jaraco-functools-4.6.0

Description

Additional functions used by other projects by developer jaraco

Added to portage

2026-07-14

just - 1.55.1
Ebuild name:

dev-build/just-1.55.1

Description

Just a command runner (with syntax inspired by 'make')

Added to portage

2026-07-14

kas - 5.4
Ebuild name:

dev-build/kas-5.4

Description

Setup tool for bitbake based projects

Added to portage

2026-07-14

msgpack - 7.0.1
Ebuild name:

dev-libs/msgpack-7.0.1

Description

MessagePack is a binary-based efficient data interchange format

Added to portage

2026-07-14

msgpack-cxx - 8.0.0
Ebuild name:

dev-cpp/msgpack-cxx-8.0.0

Description

MessagePack for C++

Added to portage

2026-07-14

mypy - 2.3.0
Ebuild name:

dev-python/mypy-2.3.0

Description

Optional static typing for Python

Added to portage

2026-07-14

narwhals - 2.24.0
Ebuild name:

dev-python/narwhals-2.24.0

Description

Extremely lightweight compatibility layer between dataframe libraries

Added to portage

2026-07-14

nerd-icons - 0.1.0
Ebuild name:

app-emacs/nerd-icons-0.1.0

Description

Emacs Nerd Font Icons Library

Added to portage

2026-07-14

nwipe - 0.41
Ebuild name:

app-crypt/nwipe-0.41

Description

Securely erase disks using a variety of recognized methods

Added to portage

2026-07-14

onak - 0.6.3
Ebuild name:

app-crypt/onak-0.6.3

Description

onak is an OpenPGP keyserver

Added to portage

2026-07-14

onak - 0.6.4
Ebuild name:

app-crypt/onak-0.6.4

Description

onak is an OpenPGP keyserver

Added to portage

2026-07-14

ophcrack - 3.8.0-r2
Ebuild name:

app-crypt/ophcrack-3.8.0-r2

Description

A time-memory-trade-off-cracker

Added to portage

2026-07-14

ophcrack-tables - 1.0-r2
Ebuild name:

app-crypt/ophcrack-tables-1.0-r2

Description

Tables available for ophcrack

Added to portage

2026-07-14

osslsigncode - 2.13
Ebuild name:

app-crypt/osslsigncode-2.13

Description

Platform-independent tool for Authenticode signing of EXE/CAB files

Added to portage

2026-07-14

osslsigncode - 2.9
Ebuild name:

app-crypt/osslsigncode-2.9

Description

Platform-independent tool for Authenticode signing of EXE/CAB files

Added to portage

2026-07-14

pch-session - 49.1
Ebuild name:

gnome-extra/pch-session-49.1

Description

Unofficial gnome based session with different default settings and ext

Added to portage

2026-07-14

peewee - 4.2.2
Ebuild name:

dev-python/peewee-4.2.2

Description

Small Python ORM

Added to portage

2026-07-14

php - 8.2.32
Ebuild name:

dev-lang/php-8.2.32

Description

The PHP language runtime engine

Added to portage

2026-07-14

php - 8.3.32
Ebuild name:

dev-lang/php-8.3.32

Description

The PHP language runtime engine

Added to portage

2026-07-14

php - 8.4.23
Ebuild name:

dev-lang/php-8.4.23

Description

The PHP language runtime engine

Added to portage

2026-07-14

php - 8.5.8
Ebuild name:

dev-lang/php-8.5.8

Description

The PHP language runtime engine

Added to portage

2026-07-14

pkgconf - 3.0.2
Ebuild name:

dev-util/pkgconf-3.0.2

Description

pkg-config compatible replacement with no dependencies other than C99

Added to portage

2026-07-14

pkixssh - 19.0.1
Ebuild name:

net-misc/pkixssh-19.0.1

Description

OpenSSH fork with X.509 v3 certificate support

Added to portage

2026-07-14

postfix - 3.12_pre20260713
Ebuild name:

mail-mta/postfix-3.12_pre20260713

Description

A fast and secure drop-in replacement for sendmail

Added to portage

2026-07-14

prismlauncher - 11.0.3
Ebuild name:

games-action/prismlauncher-11.0.3

Description

Custom, open source Minecraft launcher

Added to portage

2026-07-14

pyghmi - 1.6.19
Ebuild name:

dev-python/pyghmi-1.6.19

Description

A pure python implementation of IPMI protocol

Added to portage

2026-07-14

pyproject-fmt - 2.25.3
Ebuild name:

dev-python/pyproject-fmt-2.25.3

Description

Format your pyproject.toml file

Added to portage

2026-07-14

python-manilaclient - 6.2.0
Ebuild name:

dev-python/python-manilaclient-6.2.0

Description

Python bindings to the OpenStack Manila API

Added to portage

2026-07-14

python-openstackclient - 10.2.0
Ebuild name:

dev-python/python-openstackclient-10.2.0

Description

A client for the OpenStack APIs

Added to portage

2026-07-14

rutorrent - 5.3.7
Ebuild name:

www-apps/rutorrent-5.3.7

Description

ruTorrent is a front-end for the popular Bittorrent client rTorrent

Added to portage

2026-07-14

sabnzbd - 5.0.4
Ebuild name:

net-nntp/sabnzbd-5.0.4

Description

Binary newsgrabber with web-interface

Added to portage

2026-07-14

sed - 4.10-r1
Ebuild name:

sys-apps/sed-4.10-r1

Description

Super-useful stream editor

Added to portage

2026-07-14

tempora - 5.12.0
Ebuild name:

dev-python/tempora-5.12.0

Description

Objects and routines pertaining to date and time

Added to portage

2026-07-14

translate-toolkit - 3.19.14
Ebuild name:

dev-python/translate-toolkit-3.19.14

Description

Toolkit to convert between many translation formats

Added to portage

2026-07-14

ttyplot - 1.7.5
Ebuild name:

app-admin/ttyplot-1.7.5

Description

Realtime plotting utility with data input from stdin

Added to portage

2026-07-14

urwid - 4.0.4
Ebuild name:

dev-python/urwid-4.0.4

Description

Curses-based user interface library for Python

Added to portage

2026-07-14

zsnes - 2.2.1
Ebuild name:

games-emulation/zsnes-2.2.1

Description

Fork of the classic Super Nintendo emulator

Added to portage

2026-07-14

rdf newsfeed | rss newsfeed | Atom newsfeed
Copyright 2004-2025 Sascha Nitsch Unternehmensberatung GmbH
- Copyright and legal notices -
Time to create this page: 76.4 ms