I'm trying to help out with the Arch_i586 project and so I have offered my i586 for computing purposes. For this I have to give access to fellow contributors so they can actually use this i586 (and other i586s in my LAN). I was thinking it would be best to have users chrooted into a jail so they can't mess around with the rest of my system, as I'm planning to do other stuff with it as well. I have no experience with chrooting though. I read a Debian guide (Appendix G - Chroot environment for SSH) but I'm still not a lot wiser.
Since the users who'll have access to my box will need to compile a lot of stuff (or have to be able to control distcc), this will be an extensive jail. Does anyone have any tips on how to approach this problem?
A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.
Offline
fubar... what type of system is this?
You might want to take a look at something like xen, qemu, or even usermodlinux. It might be easier to provide a VM or usermode type setup for the users to use; then the rest of your system would be untouchable by them.
I only suggest this because, with building packages, they likely will need quite a few libraries installed and so forth.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
Yes, I know. That's why I wanted to chroot them. But I also realize they'll need compilers and libs and stuff. I'm going to use my trusty ProLiant 1500R (2xP166, 256MB RAM) for it.
I read your thread about it, but you never really posted a solution or whether or not you got it working.
Do xen, qemu and usermodlinux make SSH-logins possible?
Offline
They are virtual machines, so in effect, think of them as a whole computer instance inside of your computer instance. You could set it up with a full install if you desired.
And no, I never got chroot'ed ssh working. Now that I think about it, I don't remember what I ended up doing... *scratches chin*
Offline
Have you looked at jailkit?
Offline
RSSH is an _extremely_ simple SSH jail program. It gives you control over who is chrooted, where each user / group / everyone is chrooted to, and what protocols are chrooted. Very nice, very simple.
It doesn't seem to have had many security holes in the past few years (only 1 that I can remember).
I believe it's in the repos as well, since I'm running it on my sftp server.
Offline