Scientific Linux Forum.org




> Chroot Jail - Make user to stay only in one directory
pineapple
 Posted: Jan 26 2012, 11:40 AM
Hello,

I'm trying to set up a Chroot Jail environment so users would only be allowed to browse their directory, but not move up and browse others .. So far I tried a couple of options, somehow all fail to do the trick ..

User:john and Group:john are being made.

in /etc/ssh/sshd_config added ..
Match User john
ChrootDirectory /var/www/html/my_domain_name/user's_directory (user's directory being owned by john:john)

Restarted SSHD .. when trying to connect with username, password, server name, port (sftps/ssh) in FileZilla it fails, however if I remove the entry from /etc/ssh/sshd_config it works and redirects to /home/john .. there's an issue with Chroot Jail which I need to solve ..
pineapple
 Posted: Jan 26 2012, 02:57 PM
It works .. I have added 3 more lines to /etc/ssh/sshd_config ..

X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

helikaon
 Posted: Jan 28 2012, 04:03 PM
Hi Pineapple,
Good you got it working; just if I might ask - this is working (IMHO) only for the SFTP connections, right? Because if you want to chroot jail ssh connections too, you need to set up a complete 'fake' environment including all needed OS folders like /etc /bin /sbin .....

cheers,


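Added example, not part of the thread: a small Python check that reads sshd_config text and reports every Match block that sets ChrootDirectory without the three settings the poster added afterwards. The sample configs and the /srv/sftp/john path are constructed placeholders, and match_blocks and audit are hypothetical helper names.

```python
# Added example (not from the thread). SAMPLE_* are constructed; the chroot
# path is a placeholder, not the poster's directory.
SAMPLE_BEFORE = """\
Match User john
    ChrootDirectory /srv/sftp/john
"""
SAMPLE_AFTER = SAMPLE_BEFORE + """\
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
"""

# Settings the thread pairs with ChrootDirectory (keywords lowercased).
REQUIRED = {"forcecommand": "internal-sftp", "x11forwarding": "no",
            "allowtcpforwarding": "no"}

def match_blocks(text):
    """Return [(criteria, {keyword: value})] for each Match block."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # sshd_config keywords are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            blocks.append((value, {}))  # a block runs until the next Match line
        elif blocks:
            blocks[-1][1].setdefault(key, value)  # first value for a keyword wins
    return blocks

def audit(text):
    """Return (criteria, keyword) for each chrooted block missing a setting."""
    findings = []
    for criteria, opts in match_blocks(text):
        if "chrootdirectory" not in opts:
            continue
        for key, want in REQUIRED.items():
            tokens = opts.get(key, "").split()
            # Compare the first token so "internal-sftp -l INFO" still passes.
            if not tokens or tokens[0] != want:
                findings.append((criteria, key))
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit(cfg) or "ok")
```

Only Match blocks are inspected; options set globally before the first Match line are ignored by this check.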