Re: chroot ssh

"j.travis" <skynet@xxxxxxxxxxx> · Fri, 16 Apr 2004 16:16:59 -0700

> >- useradd -s /bin/bash -d /home/chroot/./testssh/ -c "ssh-test"

> Change '-d /home/chroot/./testssh/' to '-d /home/chroot/'
> The dot ('/./') has nothing to do with your system or your permissions 
> or whatever. It's just a string you use in your ssh(d) config. And 
> that's the only place to use it.
> (To be honest, I've never used it in an ssh env, so I can't tell you 
> where to use it exactly, but ftp uses the same scheme.)
> When sshd reads it's config, it reads
> /home/chroot/./
> and interprets it like
> chroot /home/chroot/

I think it may be getting the /home/chroot/./testssh/
from /etc/passwd rather than a ssh config file.
I think did get it ironed out.  A comprehensive list of my setup 
instruction follows. It's just a jumping off point but it does seem to do the trick:

mkdir -p /pkg
cd /pkg

wget http://chrootssh.sourceforge.net/download/openssh-3.8p1-chroot.tar.gz

tar -zxvf openssh-3.8p1-chroot.tar.gz

cd /pkg/openssh-3.8p1-chroot

./configure --prefix=/usr \
              --sysconfdir=/etc/ssh \
              --with-tcp-wrappers \
              --with-zlib=/usr/lib \
              --with-ssl-dir=/usr/local/bin \
              --with-pid-dir=/var/run \
              --disable-utmp \
              --disable-wtmp \
			  --libexecdir=/usr/libexec/openssh \
			  --mandir=/usr/share/man \
              --with-ipaddr-display

 make
 make install

mkdir /home/chrootzebra
useradd -s /bin/bash -d /home/chrootzebra/./zebra/ -c "ssh-test" zebra
chown zebra /home/chrootzebra -R
passwd zebra

cd /home/chrootzebra

mkdir etc bin usr usr/bin lib lib/tls usr/kerberos usr/lib usr/kerberos/lib

grep /etc/passwd -e "^root" -e "^zebra" > etc/passwd
grep /etc/group -e "^root" -e "^zebra" > etc/group

cp /bin/bash      ./bin/bash
cp /bin/ls        ./bin/ls 
cp /bin/mkdir     ./bin/mkdir 
cp /bin/mv        ./bin/mv 
cp /bin/pwd       ./bin/pwd 
cp /bin/rm        ./bin/rm 
cp /usr/bin/id    ./usr/bin/id 
cp /usr/bin/rsync ./usr/bin/rsync  
cp /usr/bin/ssh   ./usr/bin/ssh 
cp /bin/ping      ./bin/ping

cp /lib/libtermcap.so.2 ./lib/libtermcap.so.2
cp /lib/libdl.so.2      ./lib/libdl.so.2
cp /lib/ld-linux.so.2   ./lib/ld-linux.so.2
cp /lib/tls/libc.so.6    ./lib/tls/libc.so.6
cp /usr/lib/libpopt.so.0    ./usr/lib/libpopt.so.0
cp /lib/libresolv.so.2    ./lib/libresolv.so.2  
cp /lib/libcrypto.so.4    ./lib/libcrypto.so.4   
cp /lib/libutil.so.1    ./lib/libutil.so.1 
cp /usr/lib/libz.so.1    ./usr/lib/libz.so.1
cp /lib/libnsl.so.1    ./lib/libnsl.so.1 
cp /lib/libcrypt.so.1    ./lib/libcrypt.so.1  
cp /usr/kerberos/lib/libgssapi_krb5.so.2 ./usr/kerberos/lib/libgssapi_krb5.so.2 
cp /usr/kerberos/lib/libkrb5.so.3    ./usr/kerberos/lib/libkrb5.so.3
cp /usr/kerberos/lib/libk5crypto.so.3    ./usr/kerberos/lib/libk5crypto.so.3
cp /usr/kerberos/lib/libcom_err.so.3    ./usr/kerberos/lib/libcom_err.so.3 

chroot /home/chrootzebra
---------------
then log in from ssh...

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list