
Re: setting up chroot jail for ssh




Benedict Verheyen <benedict.verheyen@sjki.be> wrote on 14.04.2005 09:28:44:

> Alexandru Cabuz wrote:
> > Hello,
> >
> > I'm looking for advice on packages to use for setting up an sshd chroot jail.
> > I need just one chroot to which different remote users will login.
> >
> > I did a search through the package lists and found a few packages that can set
> > up chroot jails for various programs. Google also shows one that does not
> > seem to be packaged for debian: jailkit
> >
> > The Debian packages are
> >
> > jail
> > jailer
> > jailtool
> > makejail
> >
> > Also libpam-chroot seems to do something similar though I'm not exactly sure
> > how.
> >
> > Any advice/experiences on which to use?
> >
> > My goal is to set up an sftp/scp server on my AMD64 pure64 sid port box to
> > which my friends can login and download/upload music. Since most of them use
> > windows and their machines are mostly loaded with spyware, I thought the best
> > way to defend against any attacks from evildoers that will eventually get
> > hold of the passwords is to chroot jail them.
> >
> > Right?
> >
> > Alex.
>
> I would use UML/qemu to make a virtual machine for this purpose where
> they then can do the uploading.
> Nicely separated from the main system.
>

If you want to use a chrooted ssh environment on a group-based policy, you could use the patch provided at
http://mail.incredimail.com/howto/openssh

For downloading the patch:
http://mail.incredimail.com/howto/openssh/openssh-chroot-group.patch

This patch uses a group and if the user is a member of this group, he/she will be chrooted into his/her home directory.
You could put your needed commands into the home-directory or into /etc/skel to add the needed files, whenever a new user is created.

hth,
Andy

----------------------------------------------------------------------------
| Andreas Sumper
| Project Management / Security / Administration
|
| nimbus Development IT Consulting GmbH
| we unleash the power of domino
|
| Annenstrasse 30/1
| 8020 Graz
| Tel.: +43 (0) 316 714 255 -> DW 18
| Fax: +43 (0) 316 714 255 -> DW 4
| http://www.nimbus.at/
----------------------------------------------------------------------------
| sent through Lotus Notes 6.5.1
| using wine on a linux box


