[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: restricting sftp/ssh login access


First off, I make a small mistake, the package I used was "jailkit",
from either:


It has tons of documentation to help you create a jailed environment,
including loading your jail with whatever executables needed.

Looks like I simplified my script to one line:



This produces a group of daemonized processes:
nobody   13659 13658  0 Apr18 ?        00:00:00 [jk_socketd]

but I think that I had a much more elaborate script to
{start|stop|restart} this daemon, something like:


case "$1" in
        echo -n "Starting Chroot Jail Server: chroot jail"
        start-stop-daemon --start --quiet --pidfile
/var/run/jk_socketd.pid --exec /usr/sbin/jk_socketd -- 
        echo "."
        echo -n "Stopping Chroot Jail Server: chroot jail"
        start-stop-daemon --stop --quiet --oknodo --pidfile
        echo "."

        echo -n "Restarting Chroot Jail Server: chroot jail"       
start-stop-daemon --stop --quiet --oknodo --retry 30 --pidfile
        start-stop-daemon --start --quiet --pidfile
/var/run/jk_socketd.pid --exec /usr/sbin/jk_socketd -- 
        echo "."

        echo "Usage: /etc/init.d/chroot_jail {start|stop|restart}"
        exit 1

exit 0


--- Andreas John <aj@net-lab.net> wrote:
> Hi Mark!
> > You will need to run a special daemon (jk_socketd) to log users
> into the 
> > jail, but that is about the hardest part.  I'll post my startup
> script 
> > if you would like.
> Do I need the ssh-patch if I run this jk_socketd? Does it replace
> that 
> patch? It's pain in the ass to maintain an ssh package that is
> seperate 
> from the debian tree.
> And yes - please post me that startup-script. Would be nice.
> Best regards and many pengiuns,
> Andreas
> -- 
> Andreas John
> net-lab GmbH
> Luisenstrasse 30b
> 63067 Offenbach
> Tel: +49 69 85700331
> http://www.net-lab.net

Reply to: