ssh chrooted environment WITHOUT /bin /etc /lib - etc etc in the users dir ?


Post by Neil » Sat, 25 Jan 2003 18:16:17



Hi All

I have been looking for a chroot patch to ssh for a while.
I have seen and tried most of them, but they all seem to require that
the user has a chroot environment in the home dir.

Most users will get confused if they see a bin, etc, lib dir! (even
though they can't break or mangle it)

Also I have seen ssh working without all this but still chrooted. I have
no doubt that it exists somewhere of course for this to work. But it
doesn't appear to be in the user's dir, which is what I am looking for.

I know that phpwebhosting.net use a chroot style environment for example,
without all the messy dirs. Does anyone have any ideas how this is
achievable, or if not how to hide the chroot structure from the user?

So does anyone have any information or advice on how to get a chroot
environment like this WITHOUT the user seeing all the extra dirs etc of
the chroot environment?

Thanks in advance

Neil

 
 
 


Post by Nico Kadel-Garci » Sat, 25 Jan 2003 19:38:24



> Hi All

> I have been looking for a chroot patch to ssh for a while.
> I have seen and tried most of them, but they all seem to require that
> the user has a chroot environment in the home dir.

> Most users will get confused if they see a bin, etc, lib dir! (even
> though they can't break or mangle it)

> Also I have seen ssh working without all this but still chrooted. I have
> no doubt that it exists somewhere of course for this to work. But it
> doesn't appear to be in the user's dir, which is what I am looking for.

You really can't easily do without these. Proftpd does some very clever
hacking around to *hide* those directories from the user, for example, and
constrain them to another directory.

 
 
 


Post by Neil » Sat, 25 Jan 2003 20:22:43





>>Hi All

>>I have been looking for a chroot patch to ssh for a while.
>>I have seen and tried most of them, but they all seem to require that
>>the user has a chroot environment in the home dir.

>>Most users will get confused if they see a bin, etc, lib dir! (even
>>though they can't break or mangle it)

>>Also I have seen ssh working without all this but still chrooted. I have
>>no doubt that it exists somewhere of course for this to work. But it
>>doesn't appear to be in the user's dir, which is what I am looking for.

> You really can't easily do without these. Proftpd does some very clever
> hacking around to *hide* those directories from the user, for example, and
> constrain them to another directory.

I am looking for an ssh solution here, not ftp. I already use the vsftpd
server for ftp and everything is chrooted as desired.

Neil

 
 
 


Post by tedd » Sun, 26 Jan 2003 02:34:31



> Hi All

Hello

> I have been looking for a chroot patch to ssh for a while.
> I have seen and tried most of them, but they all seem to require that
> the user has a chroot environment in the home dir.

[snip the rest]

If you don't care that they can see each other's home directories, then you
can create a single chroot for them all with their actual homedirs within
it.

Chroot is /usr/chroot/
User's _Actual_ homedir would be /usr/chroot/home/teddy

dirs visible unless they 'cd ..'

use /usr/chroot/bin/bash

I don't know what you mean by bin/lib dirs confusing a user.  If they're
gonna be ssh'ing in they know what it is.

-teddy
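
An added example, not part of any post in this thread: a shell script that builds the shared-jail layout described above and copies each binary together with the libraries `ldd` reports for it, which is why the bin and lib directories have to exist somewhere inside the jail. The function names and the script name are hypothetical; the paths in the usage line come from the post.

```shell
#!/bin/sh
# Added example: build one shared jail that holds the users' real home directories.
# Function names are hypothetical; the paths in the usage line come from the post.

# needed_libs BINARY: absolute paths of the shared libraries ldd reports.
# ldd may execute code from the file it inspects, so use it on trusted system binaries only.
needed_libs() {
    ldd "$1" 2>/dev/null | tr ' \t' '\n\n' | grep '^/' | sort -u
}

# copy_with_libs JAIL BINARY: copy BINARY and its libraries into JAIL at the
# same absolute paths, so the dynamic loader still finds them after chroot.
copy_with_libs() {
    mkdir -p "$1$(dirname "$2")"
    cp -L "$2" "$1$2"
    for lib in $(needed_libs "$2"); do
        mkdir -p "$1$(dirname "$lib")"
        cp -L "$lib" "$1$lib"
    done
}

# build_jail JAIL USER BINARY...: the user's home becomes JAIL/home/USER.
build_jail() {
    jail=$1 user=$2; shift 2
    mkdir -p "$jail/home/$user"
    for b in "$@"; do copy_with_libs "$jail" "$b"; done
    chmod 755 "$jail" "$jail/home"   # users must not be able to write the jail root
}

# jail_check JAIL BINARY: succeed only if BINARY and all its libraries are inside JAIL.
jail_check() {
    [ -x "$1$2" ] || { echo "missing in jail: $2" >&2; return 1; }
    for lib in $(needed_libs "$2"); do
        [ -e "$1$lib" ] || { echo "missing in jail: $lib" >&2; return 1; }
    done
}

# Usage (hypothetical script name): sh mkjail.sh /usr/chroot teddy /bin/bash /bin/ls
if [ "$#" -ge 3 ]; then
    build_jail "$@"
fi
```

Ownership is left to the administrator: when run as root, the jail root stays owned by root and each home directory is handed to its user afterwards.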

 
 
 


Post by Jorey Bum » Sun, 26 Jan 2003 05:20:35




> I don't know what you mean by bin/lib dirs confusing a user.  If
> they're gonna be ssh'ing in they know what it is.

But if you're trying to nudge newbies away from ftp towards a more secure
protocol like scp or sftp, it's best to present as few distractions as
possible. It's bad enough what they do to their home directories with
FrontPage!
 
 
 


Post by those who know me have no need of my nam » Sun, 26 Jan 2003 05:50:50


in comp.os.linux.security i read:

>I have been looking for a chroot patch to ssh for a while.
>I have seen and tried most of them, but they all seem to require that
>the user has a chroot environment in the home dir.

there must be a jail environment and it must include all those directories,
otherwise they cannot `do' much of anything, e.g., if they type ``mount''
where will the shell find the executable if it's not within the jail?  you
might be able to play tricks during login so that it appears that the user
is on a system by themselves, i.e., create /jail/pid under which you create
etc bin usr/* ... and ~user then (using nfs) mount r/o all the normal stuff
and mount r/w the home directory, then chroot into /jail/pid.

--
bringing you boring signatures for 17 years

 
 
 


Post by zmej » Tue, 28 Jan 2003 15:09:50


check out my setup:
dev-null.us
login: cracker
pass: temp123

if that's the setup you are looking for, tell me and I can help you out.


> Hi All

> I have been looking for a chroot patch to ssh for a while.
> I have seen and tried most of them, but they all seem to require that
> the user has a chroot environment in the home dir.

> Most users will get confused if they see a bin, etc, lib dir! (even
> though they can't break or mangle it)

> Also I have seen ssh working without all this but still chrooted. I have
> no doubt that it exists somewhere of course for this to work. But it
> doesn't appear to be in the user's dir, which is what I am looking for.

> I know that phpwebhosting.net use a chroot style environment for example,
> without all the messy dirs. Does anyone have any ideas how this is
> achievable, or if not how to hide the chroot structure from the user?

> So does anyone have any information or advice on how to get a chroot
> environment like this WITHOUT the user seeing all the extra dirs etc of
> the chroot environment?

> Thanks in advance

> Neil

 
 
 


Post by Pat » Tue, 28 Jan 2003 16:24:21


Greets,


> check out my setup:
> dev-null.us
> login: cracker
> pass: temp123

> if that's the setup you are looking for, tell me and I can help you out.

That's neat.  I checked it out, it acts a little odd:


-rwxr-xr-x    1 root     bin         46700 May 27  2002 /bin/ls

total 528
-rwxr-xr-x    1 root     root       532960 Jan 20 17:48 secure


secure

works nicely.  How's it implemented?  Is it a kernel module?

Regards,
--
Pat Deegan,
Registered Linux User #128131
http://www.psychogenic.com/contact.en.html

 
 
 


Post by zmej » Tue, 28 Jan 2003 16:57:30


kernel patch =)
ACLs

> Greets,


> > check out my setup:
> > dev-null.us
> > login: cracker
> > pass: temp123

> > if that's the setup you are looking for, tell me and I can help you out.

> That's neat.  I checked it out, it acts a little odd:


> -rwxr-xr-x    1 root     bin         46700 May 27  2002 /bin/ls

> total 528
> -rwxr-xr-x    1 root     root       532960 Jan 20 17:48 secure


> secure

> works nicely.  How's it implemented?  Is it a kernel module?

> Regards,
> --
> Pat Deegan,
> Registered Linux User #128131
> http://www.psychogenic.com/contact.en.html