chroot for ssh

Question: can you log in via ssh into a chroot for the account guest and still log in normally to another user account?

Installation

Our experience, based on Tecmint's "Restrict ssh user to directory using chrooted jail"
Work in progress

mkdir -p /home/guest/dev/
cd /home/guest/dev/
# mknod - make block or character special files
mknod -m 666 null c 1 3
mknod -m 666 tty c 5 0
mknod -m 666 zero c 1 5
mknod -m 666 random c 1 8
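# sshd refuses a ChrootDirectory unless every component of the path is
# owned by root and not writable by group or others
chown root:root /home/guest
chmod 0755 /home/guest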
ls -ld /home/guest
mkdir -p /home/guest/bin
cp -v /bin/bash /home/guest/bin/
ldd /bin/bash
      linux-vdso.so.1 (0x00007ffc1f35f000)
      libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f4f94227000)
      libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f4f94222000)
      libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f4f94061000)
      /lib64/ld-linux-x86-64.so.2 (0x00007f4f94392000)
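mkdir -p /home/guest/lib64 /home/guest/lib/x86_64-linux-gnu/
# Indeed, copy to both directories. Copy libtinfo under the name ldd reports:
# libtinfo.so.6 is a symlink to libtinfo.so.6.1, cp follows it, and the jail
# gets a regular file with the name bash asks for.
cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/guest/lib64
cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/guest/lib/x86_64-linux-gnu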
adduser visitor
mkdir /home/guest/etc
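# This copies every account name on the host into the jail;
# trim the copies to the entries the jail needs.
cp -vf /etc/{passwd,group} /home/guest/etc/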
vi /etc/ssh/sshd_config
  # Define the username to apply the chroot jail to
  Match User visitor
  # Specify the chroot jail
  ChrootDirectory /home/guest
systemctl restart sshd
ssh visitor@192.168.0.0

Command line

  • Backspace works. You do not see the result but it is there
  • Arrow up works. Previous command
  • Tab expansion works
    • Implementing /usr/share/bash-completion seems to be a lot of work because of the dependencies

Errors

Loading shared libraries

  1. bash: error while loading shared libraries: libtinfo.so.6: cannot open shared object file: No such file or directory
     Connection to 192.168.0.0 closed.

Solution:

ls -l /lib/x86_64-linux-gnu/libtinfo.so.6
lrwxrwxrwx 1 root root 15 nov  2  2019 /lib/x86_64-linux-gnu/libtinfo.so.6 -> libtinfo.so.6.1
# Copy via the symlink name: cp follows it, so the file in the jail is named libtinfo.so.6
cp -v /lib/x86_64-linux-gnu/libtinfo.so.6 /home/guest/lib64/

Solution:

Copy to /home/guest/lib/x86_64-linux-gnu/
cp -v /lib/x86_64-linux-gnu/{libtinfo.so.6,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} /home/guest/lib/x86_64-linux-gnu/

Permission denied

ssh visitor@192.168.0.0
visitor@192.168.0.0's password: 
Permission denied, please try again.

No such file or directory

/bin/bash: No such file or directory
Connection to 192.168.0.0 closed.

Installing additional software

tmux in chroot environment

See tmux

e3

cp -v /usr/bin/e3vi usr/bin/


You cannot save changed files.

ls

cp -v /usr/bin/ls usr/bin/
cp -v /usr/lib/x86_64-linux-gnu/{libselinux.so.1,libpcre.so.3} usr/lib/x86_64-linux-gnu/
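
The steps above copy each binary and then its libraries by hand (bash, e3, ls). The functions below are an added example, not part of the original wiki page; the names ldd_paths, jail_copy and jail_missing are hypothetical. They parse ldd output and copy every dependency into the jail under the name the loader asks for, which avoids the libtinfo.so.6 error described under Errors.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Only run ldd on binaries you trust (here: the host's own /bin and /usr/bin).

# Read `ldd` output on stdin and print each absolute library path once.
# Handles "name => /path (addr)" and "/path (addr)" lines; skips linux-vdso
# (no file on disk) and "not found" entries.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { if (!seen[$3]++) print $3; next }
        $1 ~ /^\//               { if (!seen[$1]++) print $1 }
    '
}

# jail_copy /absolute/path/to/binary /path/to/jail
# Copy the binary and every library it needs into the jail, keeping the same
# absolute paths. cp -L follows symlinks, so libtinfo.so.6 -> libtinfo.so.6.1
# lands in the jail as a regular file named libtinfo.so.6.
jail_copy() {
    bin=$1 jail=$2
    libs=$(ldd "$bin" | ldd_paths)
    for f in "$bin" $libs; do
        mkdir -p "$jail$(dirname "$f")" || return 1
        cp -L "$f" "$jail$f" || return 1
    done
}

# jail_missing /absolute/path/to/binary /path/to/jail
# Print the libraries the binary needs that are absent from the jail.
# Empty output means the loader will find everything it asks for.
jail_missing() {
    bin=$1 jail=$2
    ldd "$bin" | ldd_paths | while read -r f; do
        [ -e "$jail$f" ] || echo "$f"
    done
}
```

For the jail on this page: jail_copy /usr/bin/ls /home/guest, then jail_missing /usr/bin/ls /home/guest should print nothing.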

Wikipedia: chroot
Arch wiki: chroot
Prevent users accessing anything but their own home directory
chroot a linux wonder
Restricting ssh user session to a directory chrooted jail
Restrict ssh user to directory using chrooted jail
The chroot-command
Script to automate the creation of chroot jail w/ minimal executables to run git
Yet another how to chroot article
Alpine Linux in a chroot


Copyright © : 2014 - 2024 Webevaluation.nl and the authors
chroot_for_ssh.txt · Last modified: 26-07-2021 11:03 by wim