chroot ssh

Fri Apr 16 21:47:53 UTC 2004

----- Original Message ----- 
From: "Rob" <rob at OhReally.com>
> 
> You don't need to create the directory /what/ever/./
> Instead of using the directory /what/ever/ in your config, you 
> use /what/ever/./
> Ssh then chroots to /what/ever/
> ./ is not a real directory, it's just a directive for ssh...
----------------------------------------------------------- 


I think I've got the basic idea at this point.  Below is the solution I have come up with (after installing
openssh-3.8p1-chroot.tar.gz).  There is still some glitch somewhere along the line but once I nail it
down I'll repost:
--------------------------------------------------------------------
useradd -s /bin/bash -d /home/chroot/./testssh/ -c "ssh-test" testssh
chown testssh /home/chroot/ -R
chmod 777 /home/chroot/ -R
passwd testssh

cd /home/chroot

mkdir etc bin usr usr/bin lib lib/tls usr/kerberos usr/lib usr/kerberos/lib

grep /etc/passwd -e "^root" -e "^testssh" > etc/passwd
grep /etc/group -e "^root" -e "^testssh" > etc/group

cp /bin/bash      ./bin/bash
cp /bin/ls        ./bin/ls 
cp /bin/mkdir     ./bin/mkdir 
cp /bin/mv        ./bin/mv 
cp /bin/pwd       ./bin/pwd 
cp /bin/rm        ./bin/rm 
cp /usr/bin/id    ./usr/bin/id 
cp /usr/bin/rsync ./usr/bin/rsync  
cp /usr/bin/ssh   ./usr/bin/ssh 
cp /bin/ping      ./bin/ping

cp /lib/libtermcap.so.2 ./lib/libtermcap.so.2
cp /lib/libdl.so.2      ./lib/libdl.so.2
cp /lib/tls/libc.so.6    ./lib/tls/libc.so.6
cp /usr/lib/libpopt.so.0    ./usr/lib/libpopt.so.0
cp /lib/libresolv.so.2    ./lib/libresolv.so.2  
cp /lib/libcrypto.so.4    ./lib/libcrypto.so.4   
cp /lib/libutil.so.1    ./lib/libutil.so.1 
cp /usr/lib/libz.so.1    ./usr/lib/libz.so.1
cp /lib/libnsl.so.1    ./lib/libnsl.so.1 
cp /lib/libcrypt.so.1    ./lib/libcrypt.so.1  
cp /usr/kerberos/lib/libgssapi_krb5.so.2 ./usr/kerberos/lib/libgssapi_krb5.so.2 
cp /usr/kerberos/lib/libkrb5.so.3    ./usr/kerberos/lib/libkrb5.so.3
cp /usr/kerberos/lib/libk5crypto.so.3    ./usr/kerberos/lib/libk5crypto.so.3
cp /usr/kerberos/lib/libcom_err.so.3    ./usr/kerberos/lib/libcom_err.so.3 
-----------------------------------------------------------------------