Problem:
We need to create user accounts on a server with limited access to the file system. The quick answer: create a chroot environment. The user should be able to ssh or scp to the server without having access to other users' home directories or the root file system.
Solutions:
After a little research, you can probably find different ways to do this. One approach is using a restricted shell; however, this is not a real chroot environment, because if the user can change the shell he can access the root file system. A second approach is modifying sshd so the user can only see his own home directory; however, this requires changing the standard sshd configuration and binary. The final approach, and this is a very clever solution, is creating a chroot environment using the chroot command and modifying the user's shell: http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/
Basically, you can download the script from http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail/make_chroot_jail.sh . Make sure it is executable, then you can use it as follows:
# make_chroot_jail.sh
The script allows you to create a new user.
chroot-shell is stored by default in /bin/chroot-shell. However, you should specify the /bin directory when you need to give a path for the jail.
The path to the jail is /home/jail by default. The script will create a chroot environment under this directory. The user's directory will be /home/jail/home/user.
This chroot environment allows the user to use ssh, scp or sftp.
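A check an administrator could run after creating jailed accounts, as an added example that is not part of the original post or of make_chroot_jail.sh: it reads passwd-format lines and flags entries whose home directory and login shell do not match the layout described above. The function names and the sample entries are hypothetical and constructed; the default paths are the ones stated in the post.

```shell
#!/bin/sh
# Added example: names and sample data are hypothetical/constructed.
# Defaults are the jail path and shell path stated in the post.

# Constructed passwd entries (not from a real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
jailed1:x:701:701::/home/jail/home/jailed1:/bin/chroot-shell
alice:x:702:702::/home/jail/home/alice:/bin/bash
bob:x:703:703::/home/bob:/bin/chroot-shell
carol:x:704:704::/home/jail/home/../../carol:/bin/chroot-shell
EOF
}

# Reads passwd-format lines on stdin; returns non-zero if any entry is flagged.
audit_jail_accounts() {
    jail=${1:-/home/jail}
    chroot_shell=${2:-/bin/chroot-shell}
    problems=0
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        case $user in ''|\#*) continue ;; esac
        case $home in
            */../*|*/..)    in_jail=no ;;   # traversal out of the jail
            "$jail"/home/*) in_jail=yes ;;
            *)              in_jail=no ;;
        esac
        if [ "$shell" = "$chroot_shell" ] && [ "$in_jail" = yes ]; then
            echo "OK        $user"
        elif [ "$shell" = "$chroot_shell" ]; then
            # chroot-shell user whose home is not inside the jail tree
            echo "MISPLACED $user home=$home"
            problems=$((problems + 1))
        elif [ "$in_jail" = yes ]; then
            # home is in the jail but the login shell will not chroot
            echo "UNJAILED  $user shell=$shell"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

sample_passwd | audit_jail_accounts || echo "review the flagged accounts"
```

On a real host the input would be `audit_jail_accounts < /etc/passwd`, with the jail path and chroot-shell path passed as arguments if they differ from the defaults.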
Another way to do this, but more complex, is using Jailkit from http://olivier.sessink.nl/jailkit/index.html
Enjoy it!
On a CentOS 5.5 server, I created the chroot user using this script:
grep sakthi /etc/passwd
sakthi:x:633:633::/home/jail/home/sakthi:/bin/chroot-shell
But after creating it, I am unable to open ssh or sftp connections:
[root@test ~]# sftp sakthi@localhost
Connecting to localhost...
sakthi@localhost's password:
Connection closed
Regards
Raj