
Re: restricting sftp/ssh login access



John,

First off, I made a small mistake, the package I used was "jailkit",
from either:

http://www.gnu.org/directory/All_Packages_in_Directory/jailkit.html
or
http://freshmeat.net/projects/jailkit/

It has tons of documentation to help you create a jailed environment,
including loading your jail with whatever executables are needed.

Looks like I simplified my script to one line:

-----------------------
#!/bin/bash

/usr/sbin/jk_socketd
------------------------

This produces a group of daemonized processes:
nobody   13659 13658  0 Apr18 ?        00:00:00 [jk_socketd]


but I think that I had a much more elaborate script to
{start|stop|restart} this daemon, something like:


/etc/init.d/chroot_jail
------------------------
#!/bin/bash
# Init script for the jailkit socket daemon (jk_socketd).
# Long commands are continued with a trailing backslash so that
# the --pidfile argument stays on the same logical line.

case "$1" in
  start)
        echo -n "Starting Chroot Jail Server: chroot jail"
        start-stop-daemon --start --quiet \
            --pidfile /var/run/jk_socketd.pid \
            --exec /usr/sbin/jk_socketd --
        echo "."
        ;;
  stop)
        echo -n "Stopping Chroot Jail Server: chroot jail"
        start-stop-daemon --stop --quiet --oknodo \
            --pidfile /var/run/jk_socketd.pid
        echo "."
        ;;

  restart)
        echo -n "Restarting Chroot Jail Server: chroot jail"
        # Wait up to 30 seconds for the old daemon to exit before starting anew.
        start-stop-daemon --stop --quiet --oknodo --retry 30 \
            --pidfile /var/run/jk_socketd.pid
        start-stop-daemon --start --quiet \
            --pidfile /var/run/jk_socketd.pid \
            --exec /usr/sbin/jk_socketd --
        echo "."
        ;;

  *)
        echo "Usage: /etc/init.d/chroot_jail {start|stop|restart}"
        exit 1
        ;;
esac

exit 0
---------------------------------------


Mark


--- Andreas John <aj@net-lab.net> wrote:
> Hi Mark!
> 
> > You will need to run a special daemon (jk_socketd) to log users into
> > the jail, but that is about the hardest part.  I'll post my startup
> > script if you would like.
> 
> Do I need the ssh-patch if I run this jk_socketd? Does it replace that
> patch? It's a pain in the ass to maintain an ssh package that is separate
> from the Debian tree.
> 
> And yes - please post me that startup-script. Would be nice.
> 
> Best regards and many penguins,
> Andreas
> 
> 
> -- 
> Andreas John
> net-lab GmbH
> Luisenstrasse 30b
> 63067 Offenbach
> Tel: +49 69 85700331
> 
> http://www.net-lab.net
> 


