
Thread: SSH Chroot Jail

  1. #1
    Join Date
    Nov 2007
    Location
    NC, USA
    Beans
    829
    Distro
    Ubuntu 12.04 Precise Pangolin

    SSH Chroot Jail

    Hello,

    I'm trying to set up a chroot jail for a user in /var/jail, following this guide http://allanfeid.com/content/creatin...ail-ssh-access.

    I've got everything set up, but upon attempting to log in with the user, I get:

    Code:
    /var/jail/bin/bash: No such file or directory
    Connection closed.
    I've verified that /var/jail/bin/bash does exist, which is the bash that I want the user to utilize, so that they cannot escape the jail in any way. Everything in /var/jail/ is root:root, except for the user's home directory, which is owned by user:sshusers. I've also got the sshd_config configured to match the group and apply the chroot to /var/jail.
    Linux User #460341 || Ubuntu User #19510 || Unanswered Posts Team

  2. #2
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: SSH Chroot Jail

    What login shell is your user trying to get? It should be relative to the jail. It should be /bin/bash.

  3. #3
    Join Date
    Nov 2007
    Location
    NC, USA
    Beans
    829
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: SSH Chroot Jail

    Quote: Originally Posted by Lars Noodén
    What login shell is your user trying to get? It should be relative to the jail. It should be /bin/bash.
    I set the user's shell to /var/jail/bin/bash, since it resides within the jail.

  4. #4
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: SSH Chroot Jail

    Try setting it to /bin/bash because the chrooted user's account will not be able to see anything outside of the jail. So even though it is really /var/jail/bin/bash, for all practical purposes it will be /bin/bash because there is no /var/jail/bin/bash inside the jail.

  5. #5
    Join Date
    Nov 2007
    Location
    NC, USA
    Beans
    829
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: SSH Chroot Jail

    Ok I'm able to get in now and unable to go any higher than /var/jail, so that's good.

    The problem now is that the user is placed into /var/jail instead of /var/jail/home/user upon logging in.

    According to /etc/passwd, the user directory is set correctly to user:1001:1001::/var/jail/home/user:/bin/bash, which is what it should be.
    Last edited by PinkFloyd102489; November 30th, 2012 at 04:51 PM.

  6. #6
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: SSH Chroot Jail

    The same thing applies to the home directory as to the shell: nothing outside the jail will be accessible or even visible. So if you want to use /var/jail/home/user as the home directory, it should be written as /home/user.

  7. #7
    Join Date
    Nov 2007
    Location
    NC, USA
    Beans
    829
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: SSH Chroot Jail

    One last thing hopefully, lol.

    Now, instead of getting a user@host prompt, it has an "I have no name!@host" prompt, and attempting to use nano yields an "Error opening terminal: xterm" error.

  8. #8
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: SSH Chroot Jail

    Did you create /dev inside the jail and populate it with the devices you need?

  9. #9
    Join Date
    Nov 2007
    Location
    NC, USA
    Beans
    829
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: SSH Chroot Jail

    The guide I posted in the OP only has /dev/null, which I did add.
    Linux User #460341 || Ubuntu User #19510 || Unanswered Posts Team
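
The path mistakes worked through in this thread can be checked before the user ever logs in. The script below is an added example, not part of any post above or of the linked guide: it tests whether the shell and home fields of a passwd entry resolve inside the jail, and it assumes the jail resolves user names from its own etc/passwd. The function name `check_jail`, the 7-field passwd line and the temporary jail are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a passwd entry against an
# sshd ChrootDirectory jail. After the chroot, the shell and home fields
# are resolved relative to the jail root, not the real root.

# check_jail JAIL PASSWD_LINE -> prints findings, returns 1 on any FAIL
check_jail() {
    jail=${1%/}
    uid=$(printf '%s\n' "$2" | cut -d: -f3)
    home=$(printf '%s\n' "$2" | cut -d: -f6)
    shell=$(printf '%s\n' "$2" | cut -d: -f7)
    rc=0
    # The login shell must be an executable file at JAIL + shell field.
    if [ ! -f "$jail$shell" ] || [ ! -x "$jail$shell" ]; then
        echo "FAIL shell: no executable at $jail$shell"
        rc=1
    fi
    # The home must be a directory at JAIL + home field; otherwise the
    # session starts in the jail root instead of the home directory.
    if [ ! -d "$jail$home" ]; then
        echo "FAIL home: no directory at $jail$home"
        rc=1
    fi
    # A field that still carries the jail prefix is the mistake from
    # the thread; suggest the jail-relative form.
    for field in "$shell" "$home"; do
        case $field in
            "$jail"/*) rel=${field#"$jail"}; echo "HINT use $rel instead of $field" ;;
        esac
    done
    # Without a passwd entry inside the jail, the UID has no name there.
    if ! grep -q "^[^:]*:[^:]*:$uid:" "$jail/etc/passwd" 2>/dev/null; then
        echo "WARN name: UID $uid not in $jail/etc/passwd"
    fi
    return $rc
}

# Constructed demo: a throwaway jail and the two forms of the entry.
demo() {
    j=$(mktemp -d)
    mkdir -p "$j/bin" "$j/home/user" "$j/etc"
    : > "$j/bin/bash"; chmod +x "$j/bin/bash"   # stand-in, not a real shell
    echo "user:x:1001:1001::/home/user:/bin/bash" > "$j/etc/passwd"
    check_jail "$j" "user:x:1001:1001::$j/home/user:$j/bin/bash" || true
    check_jail "$j" "user:x:1001:1001::/home/user:/bin/bash" && echo "OK jail-relative entry"
    rm -rf "$j"
}
demo
```

Against a real jail, pass the jail root and the output of `getent passwd user`; the script only reads files and changes nothing.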
