chroot with rssh and jailkit
Well, before posting this, I should say that it took me almost a week to find something that worked on my Ubuntu 8.04. I'm leaving it here so that you don't go crazy like I did.
This is my first “How To”, so I hope it’ll be able to help someone.
In order to set up the ssh environment, I used Jailkit. You can get it here.
Installation
After downloading it, compile and install it:
tar -zxvf jailkit-2.0.tar.gz
cd jailkit-2.0
./configure
make
sudo make install
Setting The “Jail” Up
After you’ve installed it, it’s time to set up the “root” directory (the directory to which the users will be jailed).
sudo mkdir /jail
sudo chown root:root /jail
Creating the Proper Environment
The following lines will allow the logged-in user to use whichever sets of programs you want to allow:
sudo jk_init -v /jail basicshell
sudo jk_init -v /jail editors
sudo jk_init -v /jail extendedshell
sudo jk_init -v /jail netutils
sudo jk_init -v /jail ssh
sudo jk_init -v /jail sftp
sudo jk_init -v /jail jk_lsh
Creating and Jailing the User
sudo adduser thomas
sudo jk_jailuser -m -j /jail thomas
In /etc/passwd, thomas’ line should look something like this:
thomas:x:1001:500::/jail/./home/thomas:/usr/sbin/jk_chrootsh
Don’t forget to set the password while you’re at it:
sudo passwd thomas
Setting Up the Home Directory
To the users logging in to this secured environment “/jail” will just show up as the “/” directory, so setting up a home directory is also needed:
sudo mkdir -p /jail/home/thomas
sudo chown thomas:thomas /jail/home/thomas
Passwords
Edit the /jail/etc/passwd and /jail/etc/group files with your favorite editor and add these lines (the numbers mentioned are the user and group IDs, which you can check by opening the /etc/passwd file and looking for the appropriate user):
sudo vi /jail/etc/group
Paste and save this:
thomas:x:500:
sudo vi /jail/etc/passwd
Paste and save this:
thomas:x:1001:500::/home/thomas:/bin/bash
One last thing:
sudo cp /home/trawler/.bashrc /jail/home/thomas
sudo chown thomas:thomas /jail/home/thomas/.bashrc
And that should do it!
You can check the configuration by “ssh’ing” to your machine:
ssh thomas@localhost
And make sure everything’s ok.
If anything’s gone wrong /var/log/auth.log will give you the needed details:
tail /var/log/auth.log
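The steps above only work if the host /etc/passwd entry and the files created under /jail agree with each other, so here is a consistency check written for this page as an added example (it is not part of the original how-to or of Jailkit). The function names are made up for illustration, and the demo runs on a constructed temporary tree with the post's values rather than on the real /jail.

```shell
#!/bin/sh
# Added example, not from the original post: verify that a jailed user's host
# passwd entry agrees with the passwd/group files inside the jail.
field() { printf '%s\n' "$1" | cut -d: -f"$2"; }   # Nth colon-separated field
fail() { echo "FAIL: $*"; rc=1; }

# check_jail_user USER [HOST_PASSWD] -> returns 0 only if every check passes
check_jail_user() {
    user=$1; host_passwd=${2:-/etc/passwd}; rc=0
    entry=$(grep "^$user:" "$host_passwd") || { fail "$user not in $host_passwd"; return 1; }
    uid=$(field "$entry" 3); gid=$(field "$entry" 4)
    home=$(field "$entry" 6); shell=$(field "$entry" 7)
    # Without the chroot wrapper as login shell the account is not jailed at all.
    [ "$shell" = /usr/sbin/jk_chrootsh ] || fail "host shell is $shell, not jk_chrootsh"
    # Host home is <jail>/./<home inside the jail>; split on the "/./" marker.
    case $home in
        */./*) jail=${home%%/./*}; inner=/${home#*/./} ;;
        *) fail "host home $home has no /./ marker"; return 1 ;;
    esac
    jentry=$(grep "^$user:" "$jail/etc/passwd") || { fail "$user not in $jail/etc/passwd"; return 1; }
    [ "$(field "$jentry" 3):$(field "$jentry" 4)" = "$uid:$gid" ] || fail "uid:gid differs inside the jail"
    [ "$(field "$jentry" 6)" = "$inner" ] || fail "jail home is not $inner"
    jshell=$(field "$jentry" 7)
    [ -x "$jail$jshell" ] || fail "shell $jshell is not executable inside $jail"
    cut -d: -f3 "$jail/etc/group" | grep -qx "$gid" || fail "gid $gid not in $jail/etc/group"
    [ -d "$jail$inner" ] || fail "home directory $jail$inner is missing"
    [ "$rc" -eq 0 ] && echo "OK: $user is consistently jailed in $jail"
    return "$rc"
}

# Constructed throwaway tree (no root needed) mirroring the post's values.
# demo [JAIL_UID]: pass a UID other than 1001 to see the mismatch reported.
demo() {
    t=$(mktemp -d); mkdir -p "$t/jail/etc" "$t/jail/bin" "$t/jail/home/thomas"
    printf '#!/bin/sh\n' > "$t/jail/bin/bash"; chmod +x "$t/jail/bin/bash"   # stand-in shell
    echo "thomas:x:1001:500::$t/jail/./home/thomas:/usr/sbin/jk_chrootsh" > "$t/passwd"
    echo "thomas:x:${1:-1001}:500::/home/thomas:/bin/bash" > "$t/jail/etc/passwd"
    echo "thomas:x:500:" > "$t/jail/etc/group"
    status=0; check_jail_user thomas "$t/passwd" || status=$?
    rm -rf "$t"; return "$status"
}
demo
```

On a real host, call check_jail_user thomas with no second argument so that it reads /etc/passwd.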
Taken from http://ubuntuforums.org/showthread.php?t=248724&highlight=chroot