Howdoo all,
I've been looking at trying to secure SSH sessions so that specified users can only browse their home directories.
I've found a couple of bodges that can be made to do the trick, but none of them seem particularly ideal.
Has anyone got any suggestions on how I could secure SSH in this fashion, whether using CHROOT or something else entirely I don't mind.
Cheers.
----~~~~==oOo==~~~~---- Duncan Carter ----~~~~==oOo==~~~~----
hi, here is another way to implement a chrooted ssh account:
1. use an owner specific login script, e.g. /bin/chroot-login-<user_id>:
----------------------%<----------------------------
#!/bin/bash
# Login shell wrapper: re-enter the chroot as the user via sudo.
if [ "$1" = "-c" ]; then
    # Called as "<shell> -c <command>" (e.g. for a remote command):
    # drop the leading -c and hand the remaining arguments to su.
    shift
    PARAMS="$*"
    sudo /usr/bin/chroot /path/to/chroot/to /bin/su - username -c "$PARAMS"
else
    # Interactive login.
    sudo /usr/bin/chroot /path/to/chroot/to /bin/su - username
fi
----------------------->%----------------------------
enter the filename into your passwd file for user <username>
2. create entry in /etc/sudoers: (w/o newline ;-)
username ALL = NOPASSWD: /usr/bin/chroot /path/to/chroot/to /bin/su - username*
3. create dir '/path/to/chroot/to'
4. create dirs in '/path/to/chroot/to': etc, dev, bin, lib ....
5. create /path/to/chroot/to/etc/passwd with uid, homedir etc. for username, ditto for the file etc/group.
copy all required files to /path/to/chroot/to/...., e.g. bash and all needed libs etc.
for testing, try as root:
/usr/bin/chroot /path/to/chroot/to /bin/su - username
if you need more detailed info, reply.
regards, jochen
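
Steps 3 to 5 above as a script, added here as an example and not part of jochen's post: it creates the directories, copies each binary with the shared libraries `ldd` reports for it, and writes the user's passwd and group lines. The function names (`ldd_paths`, `copy_into`, `install_binary`, `write_accounts`) and the argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): populate a chroot for one user.
# Usage: populate.sh JAIL USER BINARY...   e.g. JAIL=/path/to/chroot/to
# The script name and all function names below are hypothetical.

# Read `ldd` output on stdin and print the absolute library paths it names.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }  # libc.so.6 => /lib/libc.so.6 (0x..)
        $1 ~ /^\//                { print $1 }        # /lib64/ld-linux-x86-64.so.2 (0x..)
    '   # "not found" and vdso lines match neither rule and are skipped
}

# Copy one file into the jail at the same absolute path, following symlinks.
copy_into() (
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")"
    cp -L "$src" "$jail$src"
)

# Copy a binary plus every library ldd lists for it.
install_binary() (
    jail=$1; bin=$2
    copy_into "$jail" "$bin"
    ldd "$bin" | ldd_paths | while read -r lib; do
        copy_into "$jail" "$lib"
    done
)

# Write etc/passwd and etc/group inside the jail with only this user's entries.
write_accounts() (
    jail=$1; user=$2
    mkdir -p "$jail/etc"
    getent passwd "$user" > "$jail/etc/passwd"
    getent group "$(id -gn "$user")" > "$jail/etc/group"
)

# Does nothing when run without arguments.
if [ "$#" -ge 2 ]; then
    jail=$1; user=$2; shift 2
    mkdir -p "$jail/dev" "$jail/bin" "$jail/lib"
    for bin in "$@"; do
        install_binary "$jail" "$bin"
    done
    write_accounts "$jail" "$user"
fi
```

`ldd` only lists libraries linked at build time; anything a program loads at run time (NSS and PAM modules, for instance) has to be copied separately.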