chroot ssh
j.travis
skynet at psinode.com
Fri Apr 16 21:47:53 UTC 2004
----- Original Message -----
From: "Rob" <rob at OhReally.com>
>
> You don't need to create the directory /what/ever/./
> Instead of using the directory /what/ever/ in your config, you
> use /what/ever/./
> Ssh then chroots to /what/ever/
> ./ is not a real directory, it's just a directive for ssh...
-----------------------------------------------------------
I think I've got the basic idea at this point. Below is the solution I have come up with (after installing
openssh-3.8p1-chroot.tar.gz). There is still some glitch somewhere along the line but once I nail it
down I'll repost:
--------------------------------------------------------------------
useradd -s /bin/bash -d /home/chroot/./testssh/ -c "ssh-test" testssh
chown testssh /home/chroot/ -R
chmod 777 /home/chroot/ -R
passwd testssh
cd /home/chroot
mkdir etc bin usr usr/bin lib lib/tls usr/kerberos usr/lib usr/kerberos/lib
grep /etc/passwd -e "^root" -e "^testssh" > etc/passwd
grep /etc/group -e "^root" -e "^testssh" > etc/group
cp /bin/bash ./bin/bash
cp /bin/ls ./bin/ls
cp /bin/mkdir ./bin/mkdir
cp /bin/mv ./bin/mv
cp /bin/pwd ./bin/pwd
cp /bin/rm ./bin/rm
cp /usr/bin/id ./usr/bin/id
cp /usr/bin/rsync ./usr/bin/rsync
cp /usr/bin/ssh ./usr/bin/ssh
cp /bin/ping ./bin/ping
cp /lib/libtermcap.so.2 ./lib/libtermcap.so.2
cp /lib/libdl.so.2 ./lib/libdl.so.2
cp /lib/tls/libc.so.6 ./lib/tls/libc.so.6
cp /usr/lib/libpopt.so.0 ./usr/lib/libpopt.so.0
cp /lib/libresolv.so.2 ./lib/libresolv.so.2
cp /lib/libcrypto.so.4 ./lib/libcrypto.so.4
cp /lib/libutil.so.1 ./lib/libutil.so.1
cp /usr/lib/libz.so.1 ./usr/lib/libz.so.1
cp /lib/libnsl.so.1 ./lib/libnsl.so.1
cp /lib/libcrypt.so.1 ./lib/libcrypt.so.1
cp /usr/kerberos/lib/libgssapi_krb5.so.2 ./usr/kerberos/lib/libgssapi_krb5.so.2
cp /usr/kerberos/lib/libkrb5.so.3 ./usr/kerberos/lib/libkrb5.so.3
cp /usr/kerberos/lib/libk5crypto.so.3 ./usr/kerberos/lib/libk5crypto.so.3
cp /usr/kerberos/lib/libcom_err.so.3 ./usr/kerberos/lib/libcom_err.so.3
-----------------------------------------------------------------------
More information about the redhat-list
mailing list