
Re: chroot ssh for login



On Thu, Jan 31, 2002 at 08:57:05AM +0100, Alexander Koch wrote:
> Hi all,
> 
> can anyone probably give me an idea of how I can build a
> chroot ssh on a production server running Debian unstable?
> 
> I could use ssh2 and the chroot feature, but that one is
> really ugly non-free I am not further considering it at all.
> 
> Using debootstrap probably and then dpkg --root-dir= ? But
> then how do I get into the system, what do I have to do with
> the passwd entry and whatnot?
> 
> Many thanks in advance,
> Alexander

You can use your authorized_keys file to specify a command that is run when someone logs in with a specific RSA key. They don't get a shell, the command runs regardless. So your command might be 

chroot /gaol /bin/bash

So the line in your authorized_keys would be

command="chroot /gaol /bin/bash" ...key...

You can add other restrictions in like

command="chroot /gaol /bin/bash",host="onlyallow.domain.com",idle-timeout=2m,no-agent-forwarding ...key...

man sshd for more info.

Note that it can only be used on key authentication, not passwords. If this isn't acceptable, it should be because you should be using keys :)

Kind Regards
Crispin Wellington
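
An added example, not part of the original message: a small Python check that parses the options field of authorized_keys lines like the one above and reports keys with no forced command, forwarding left enabled, or option names outside the set documented in OpenSSH's sshd(8). The sample lines and key material are constructed, and the policy in audit() is this example's assumption.

```python
import re

# Option names documented in OpenSSH sshd(8), "AUTHORIZED_KEYS FILE FORMAT".
KNOWN = {"command", "from", "environment", "permitopen", "permitlisten",
         "principals", "tunnel", "expiry-time", "cert-authority", "restrict",
         "no-agent-forwarding", "no-port-forwarding", "no-pty", "no-user-rc",
         "no-x11-forwarding", "agent-forwarding", "port-forwarding", "pty",
         "user-rc", "x11-forwarding", "no-touch-required", "verify-required"}
KEYTYPE = re.compile(r"(ssh-|ecdsa-|sk-)")   # a line with no options starts here
OPT = re.compile(r'([\w-]+)(?:=("(?:\\"|[^"])*"|[^,\s"]*))?(,|(?=\s)|$)')

def split_options(line):
    """Return (options dict, 'keytype base64 comment') for one line."""
    line = line.strip()
    opts, pos = {}, 0
    if KEYTYPE.match(line):
        return opts, line
    while True:
        m = OPT.match(line, pos)
        if not m:
            raise ValueError(f"malformed options at column {pos}")
        name, val = m.group(1).lower(), m.group(2)   # names are case-insensitive
        if val is None:
            val = True                               # flag option, no value
        elif val.startswith('"'):
            val = val[1:-1].replace('\\"', '"')      # quoted: spaces, commas, \"
        opts[name] = val
        pos = m.end()
        if m.group(3) != ",":                        # whitespace ends the options
            return opts, line[pos:].strip()

def audit(line):
    """Findings for one line; the checks are this example's policy."""
    opts, _ = split_options(line)
    out = [f"unknown option: {o}" for o in sorted(opts) if o not in KNOWN]
    if "command" not in opts:
        out.append("no forced command")
    for f in ("agent-forwarding", "port-forwarding", "x11-forwarding"):
        allowed = f in opts if "restrict" in opts else "no-" + f not in opts
        if allowed:
            out.append(f + " still allowed")
    return out

# Constructed samples: the key material is a placeholder, not a real key.
PAGE_LINE = ('command="chroot /gaol /bin/bash",host="onlyallow.domain.com",'
             'idle-timeout=2m,no-agent-forwarding ssh-rsa AAAAB3EXAMPLE user@example')
HARDENED = ('restrict,pty,from="onlyallow.domain.com",'
            'command="chroot /gaol /bin/bash" ssh-ed25519 AAAAC3EXAMPLE user@example')
```

chroot(8) needs root privileges, so a forced command of this form only succeeds for a key in root's authorized_keys or through a privileged wrapper.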


