Hello everybody, I have installed a chroot environment on my web server under a Debian Woody in /var/services/chroot/sshs. I have follow this documentation : http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html I have used the makejail method to do this. Ssh inside the jail work correctly but i have a problem with authentification. But i can start ssh without any problem. So i have put here my /etc/passwd, /etc/group and/etc/pam.d/ssh files here: /etc/passwd : sshd:x:100:65534::/var/run/sshd:/bin/false me:x:101:100:onlyatest:/home/arnaud/./:/bin/bash /etc/group : root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4: tty:x:5: disk:x:6: mail:x:8: news:x:9: uucp:x:10: kmem:x:15: sudo:x:27: audio:x:29: www-data:x:33: backup:x:34: operator:x:37: list:x:38: src:x:40: gnats:x:41: shadow:x:42: utmp:x:43: staff:x:50: users:x:100: nogroup:x:65534: wheel:x:101:me /etc/pam.d/ssh : auth required pam_nologin.so auth required pam_unix.so auth required pam_env.so auth required pam_listfile.so account required pam_unix.so session required pam_unix.so session optional pam_lastlog.so session optional pam_motd.so session optional pam_mail.so standard noenv session required pam_limits.so password required pam_unix.so I have also installed the ssh debian package patch for chroot that i have found here: http://debian.home-dn.net/woody/ssh/ssh_3.4p1-1+chroot3.5p1_i386.deb I have join to this mail a log when i have wanted to login on an other computer with debian too. I want to know if i could use the same directory for chroot environment for apache and ssh ? By example i use chroot for directory /var/services/chroot and i put ssh and apache in this directory. Thanks for you help Arnaud Fontaine ----------- * fingerprint of my gnupg key : 1F88 8886 A466 EF50 0F29 CC13 E045 70B2 5306 691E * you can find my gnupg public at this address : http://www.andesi.org/gpg/dsdebian@free.asc
Attachment:
chroot-ssh.log
Description: Binary data
Attachment:
pgp61gsowsTc1.pgp
Description: PGP signature