After setting up my secure ftp server (vsftpd) I needed a solution to allow users to log in, without giving them access to the entire system.
This is my first "How To", so I hope it'll be able to help someone.
In order to set up the SSH environment, I used Jailkit. You can get it here.
Installation
After downloading it, compile and install it:
Code:
tar -zxvf jailkit-2.0.tar.gz
cd jailkit-2.0 && ./configure && make && sudo make install
Setting The "Jail" Up
After you've installed it, it's time to set up the "root" directory (the directory in which the users will be jailed). It must be owned by root.
Code:
sudo mkdir /jail
sudo chown root:root /jail
Creating the Proper Environment
The following lines give the logged-in user whichever sets of programs you want to allow inside the jail:
Code:
sudo jk_init -v /jail basicshell
sudo jk_init -v /jail editors
sudo jk_init -v /jail extendedshell
sudo jk_init -v /jail netutils
sudo jk_init -v /jail ssh
sudo jk_init -v /jail sftp
Creating and Jailing the User
Code:
sudo adduser thomas
Code:
sudo jk_jailuser -m -j /jail thomas
In /etc/passwd, thomas' line should look something like this:
Code:
thomas:x:1001:500::/jail/./home/thomas:/usr/sbin/jk_chrootsh
Don't forget to set the password while you're at it:
Setting Up the Home Directory
To the users logging in to this secured environment, "/jail" will just show up as the "/" directory, so setting up a home directory inside it is also needed:
Code:
sudo mkdir -p /jail/home/thomas
Code:
sudo chown thomas:thomas /jail/home/thomas
Passwords
Edit the /jail/etc/passwd and /jail/etc/group files with your favorite editor and add these lines. (The numbers are the user and group IDs, which you can check by opening the /etc/passwd file and looking for the appropriate user.)
Code:
sudo vi /jail/etc/group
Paste and save this:
thomas:x:500:
Code:
sudo vi /jail/etc/passwd
Paste and save this:
thomas:x:1001:500::/home/thomas:/bin/bash
One last thing:
Code:
sudo cp /home/trawler/.bashrc /jail/home/thomas
Code:
sudo chown thomas:thomas /jail/home/thomas/.bashrc
And that should do it!
You can check the configuration by SSHing into your machine:
Code:
ssh thomas@localhost
And make sure everything's ok.
If anything's gone wrong /var/log/auth.log will give you the needed details:
Code:
tail /var/log/auth.log
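The two passwd entries above have to agree with each other, and a mismatch is the usual reason a jailed login fails. The following check is an added example, not part of the original how-to: `check_jail_user` and `field` are hypothetical helper names, and the script assumes the `/jail/./home/thomas` home format and the `jk_chrootsh` shell shown in the /etc/passwd line above.

```shell
#!/bin/sh
# Added example, not part of the original how-to.
# Usage: sh check_jail_user.sh USER HOST_PASSWD JAIL_ROOT
#   e.g. sh check_jail_user.sh thomas /etc/passwd /jail
# Prints one FAIL line per problem; returns 0 only when none are found.
field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

check_jail_user() {
    user=$1; host_passwd=$2; jail=${3%/}
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    host=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$host_passwd")
    [ -n "$host" ] || { fail "$user not in $host_passwd"; return 1; }
    h_uid=$(field "$host" 3); h_gid=$(field "$host" 4)
    h_home=$(field "$host" 6); h_shell=$(field "$host" 7)

    # Without jk_chrootsh as the login shell the user is not jailed at all.
    case $h_shell in
        */jk_chrootsh) ;;
        *) fail "host shell is $h_shell, not jk_chrootsh" ;;
    esac

    # The host home has the form <jail>/./<home as seen inside the jail>.
    case $h_home in
        "$jail"/./*) inner_home=/${h_home#"$jail"/./} ;;
        *) fail "host home $h_home is not under $jail/./"; return 1 ;;
    esac

    # The jail's own passwd must map the same uid/gid to the inner home.
    inner=$(awk -F: -v u="$user" '$1 == u { print; exit }' \
        "$jail/etc/passwd" 2>/dev/null || true)
    if [ -z "$inner" ]; then
        fail "$user not in $jail/etc/passwd"
    else
        [ "$(field "$inner" 3)" = "$h_uid" ] || fail "uid differs inside jail"
        [ "$(field "$inner" 4)" = "$h_gid" ] || fail "gid differs inside jail"
        [ "$(field "$inner" 6)" = "$inner_home" ] || fail "jail home is not $inner_home"
    fi

    # The home directory must exist under the jail root.
    [ -d "$jail$inner_home" ] || fail "missing directory $jail$inner_home"
    [ "$problems" -eq 0 ]
}

if [ "$#" -eq 3 ]; then check_jail_user "$@"; fi
```

It only reads the files, so it can be run before the first test login and again after adding each new jailed user.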