You are not logged in.

#1 2005-04-02 21:11:16

FUBAR
Member
From: Belgium
Registered: 2004-12-08
Posts: 1,029
Website

Setting up a chroot for users who SSH into my box

I'm trying to help out with the Arch_i586 project and so I have offered my i586 for computing purposes. For this I have to give access to fellow contributors so they can actually use this i586 (and other i586's in my LAN). I was thinking it would be best to have users chrooted into a jail so they can't mess around with the rest of my system as I'm planning to do other stuff with it as well. I have no experience with chrooting tho. I read a Debian guide (Appendix G - Chroot environment for SSH) but I'm still not a lot wiser.

Since the users who'll have access to my box will need to compile a lot of stuff (or have to be able to control distcc), this will be an extensive jail. Does anyone have any tips on how to approach this problem?


A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.

Offline

#2 2005-04-02 22:44:18

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: Setting up a chroot for users who SSH into my box

fubar..what type of system is this?
You might want to take a look at something like xen, qemu, or even usermodlinux. It might be easier to provide a vm or usermode type setup for the users to use, then the rest of you system would be untouchable by them.
I only suggest this, because with building packages, they likely will need quite a few libraries intstalled and so forth..


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#3 2005-04-03 11:04:10

FUBAR
Member
From: Belgium
Registered: 2004-12-08
Posts: 1,029
Website

Re: Setting up a chroot for users who SSH into my box

Yes, I know. That's why I wanted to chroot them. But I also realize they'll need compilers and libs and stuff. I'm going to use my trusty ProLiant 1500R (2xP166, 256MB RAM) for it.

I read your thread about it, but you never really posted a solution or whether or not you got it working.

Do xen, qemu and usermodlinux make SSH-logins possible?


A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.

Offline

#4 2005-04-03 20:13:03

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: Setting up a chroot for users who SSH into my box

they are virtual machines, so in effect, think of them as a whole computer instance inside of your computer instance. You could set it up with a full install if you desired..

And no, I never got chroot'ed ssh working. Now that I think about it, I don't remember what I ended up doing..*scratches chin*


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#5 2005-04-08 12:47:48

lucke
Member
From: Poland
Registered: 2004-11-30
Posts: 4,017

Re: Setting up a chroot for users who SSH into my box

Have you looked at jailkit?

Offline

#6 2005-05-20 10:18:00

Father
Member
From: Australia
Registered: 2004-06-01
Posts: 209

Re: Setting up a chroot for users who SSH into my box

RSSH is an _extremely_ simple SSH jail program.. it gives you control over who is chrooted, where each user / group / everyone is chrooted too, and what protocols are chrooted.. very nice.. very simple..

it doesnt seem to have had many security holes in the past few years (only 1 that i can remember)

i believe its in the repos aswell since im running it on my sftp server

Offline

Board footer

Powered by FluxBB