Re: chroot and OpenSSH

To: debian-isp@lists.debian.org
Subject: Re: chroot and OpenSSH
From: Eirik Dentz <eirikdentz@brainlink.com>
Date: Fri, 03 Aug 2001 13:03:24 -0400
Message-id: <[🔎] 3B6AD95D.D050D035@brainlink.com>
Reply-to: eirikdentz@brainlink.com
References: <[🔎] 3B6AADE6.B49E9B24@brainlink.com> <[🔎] 20010803152447.F1519@challah.msrl.com>

Aaron Ghent wrote:
> 
> > I don't have much experience with chroot, but I want to set up an SSH
> > access for a user and restrict them to their home directory.
> >
> > I've done a little research and found out that the commercial SSH2
> > provides "ChRootUsers" and "ChRootGroups" configuration directives.
> > While I suppose that I could install SSH2 because their licensing allows
> > for free use with the Linux OS, I would rather stick with OpenSSH, which
> > is what I'm using now.
> >
> > According to the O'Reilly SSH book SSH2 is the only implementation of
> > SSH with those directives built in.  I decided to poke around on the
> > OpenSSH mailing lists to see if there was any discussion of adding a
> > similar feature to OpenSSH and it looks like there is/was an unofficial
> > patch in the CVS but it was never incorporated into the official OpenSSH
> > distro and subsequently not in the Linux port of OpenSSH.  And I
> > certainly don't know enough to try to port the patch myself.
> >
> > Then I tried the following which probably indicates my ignorance of the
> > Linux/SSH/login process, I tried changing  the user's shell: "/bin/bash"
> > to a shell script with: usermod -s /bin/usr_login.sh which contained one line:
> >
> > chroot /path/to/userhomedir /bin/bash
> >
> > This fails, and I'm pretty sure that I know why, but I wanted to seek
> > advice and guidance from those of you who might have experience with
> > this before proceeding.
> 
> Did you add '/bin/usr_login.sh' to /etc/shells?

Oops hadn't noticed /etc/shells. I added usr_login.sh to it and I'm
still getting the same error message as before:

chroot: cannot change root directory to /home/userdir: Operation not permitted

In addition these are the corresponding lines from my /var/log/messages:

Aug  3 12:16:22 server1 sshd[1770]: Accepted password for user1 from
xxx.xxx.xxx.xxx port 49155 ssh2
Aug  3 12:16:22 server1 PAM_pwdb[1770]: (sshd) session opened for user
user1 by (uid=0)
Aug  3 12:16:22 server1 sshd[1770]: fatal: session_input_channel_req:
channel 0: no session
Aug  3 12:16:22 server1 PAM_pwdb[1770]: (sshd) session closed for user user1

Thanks for the response.  Nice sig.

> > Thanks in advance,
> >
> > eirik
> 
> --
> Aaron Ghent.
> 
> You're not going crazy!
> You're going sane...
> In a crazy world!
>                  -- The Tick
> 
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: chroot and OpenSSH
  - From: Aaron Ghent <dementia@tembel.org>
- Re: chroot and OpenSSH
  - From: Frank Louwers <frank@student.rug.ac.be>
- Re: chroot and OpenSSH
  - From: "Jeremy C. Reed" <reed@wcug.wwu.edu>

References:
- chroot and OpenSSH
  - From: Eirik Dentz <eirikdentz@brainlink.com>
- Re: chroot and OpenSSH
  - From: Aaron Ghent <dementia@tembel.org>

Prev by Date: Re: chroot and OpenSSH
Next by Date: Re: chroot and OpenSSH
Previous by thread: Re: chroot and OpenSSH
Next by thread: Re: chroot and OpenSSH
Index(es):
- Date
- Thread