Effectively non-chrooted/jailed users. What am I missing? #8
Comments
Add the following lines to your config file, and reinstall the jail.

```
dir /usr/lib/openssh 0755 root:root
clink /usr/lib/openssh/sftp-server /usr/lib/openssh/sftp-server
```
|
I appreciate the response, however, these two lines don't make sense and I've been using Linux for at least 20 years. Are you saying that /usr/lib/openssh needs to be owned by root:root and set to 0755 permissions? If I didn't know any better, you are expecting me to be working with Windows. I am trying to do this on a Linux server. |
Use this command to edit the specific jail-shell config:

```
sudo jail-shell jail -e test-jail
```

and add those lines to the jail config, after that save and exit.

```
dir /usr/lib/openssh 0755 root:root
clink /usr/lib/openssh/sftp-server /usr/lib/openssh/sftp-server
```

and then run the following command to reinstall the specific jail-shell
|
Awesome!! That works, but not exactly what I wanted (but very, very close).

The goal is to ensure that when users sign in, they are dropped into their home directory. I am currently using for virtual web hosting, the /home//public_html and would like that for the sftp and forcing chroot type behavior so users cannot browse above this directory. Like sftp, I would like users who use ssh to be dropped into their home directory. I would also like to see that they cannot browse above their /home// directory. Can this be achieved with jail-shell and how?

Additionally, I am stumped as to what the proper permissions should be for /home and for /home/[user]/. Mind you, I am using containerized Apache/PHP etc. with a bind mount between the container's /var/www/html and the local host file system's /home/[user]/public_html. This is the ideal situation; however, if things need to be different to use the jail-shell system, I would be more than glad to adopt your methods or techniques.

TLDR; (Shorter description of needs)
Your help is greatly appreciated. I just donated $30 USD to show my appreciation and if you can help me solve my problem you will be greatly rewarded as I can do so. |
Try the following config, this will map /home/[user] in jail /home/[user]

```
bind /home/%u/ /home/%u/ rw,nodev,noexec,nosuid
```
|
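A check for the mount options in the `bind` line above, as an added example that is not part of the thread or of the jail-shell project: it reads a mount table in `/proc/mounts` format and reports which of `nodev`, `noexec` and `nosuid` are missing on a jailed home directory. The jail root `/srv/jails/test-jail` and the sample mount lines are constructed placeholders; on a live host, pass `/proc/mounts` and the real jail path.

```shell
#!/bin/sh
# Added example. JAIL_ROOT is a hypothetical placeholder, not a jail-shell default.
JAIL_ROOT=/srv/jails/test-jail

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
sample_mounts() {
    cat <<EOF
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda1 $JAIL_ROOT/home/tester ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 $JAIL_ROOT/home/alice ext4 rw,nosuid,relatime 0 0
EOF
}

# missing_mount_opts MOUNTS_FILE MOUNT_POINT REQUIRED_CSV
# Prints the required options that are absent (space separated).
# Returns 0 if none are missing, 1 if some are, 2 if the path is not a mount point.
missing_mount_opts() {
    mounts_file=$1
    mount_point=${2%/}          # /proc/mounts lists paths without a trailing slash
    required=$3
    # Keep the last match: a later mount on the same path shadows earlier ones.
    opts=$(awk -v mp="$mount_point" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    [ -n "$opts" ] || return 2
    missing=""
    old_ifs=$IFS
    IFS=,
    for want in $required; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

tmp=$(mktemp)
sample_mounts > "$tmp"
for user in tester alice; do
    if lacking=$(missing_mount_opts "$tmp" "$JAIL_ROOT/home/$user/" nodev,noexec,nosuid); then
        echo "$user: all required options present"
    else
        echo "$user: missing or not mounted: $lacking"
    fi
done
rm -f "$tmp"
```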
I have followed the instructions to install and jail-shell is compiled and installed.
Now when I follow the instructions to create a new user on the system called "tester", I am STILL able to see the entire file system, including those of other users on the system, both with SSH and SFTP. This is NOT what I am after.
I need each user on my system to have their own shell, restricted to a very limited set of commands that I wish they have access to, plus I need them only to be able to see or navigate only the files they own within their own home directory. When SFTP is used, they should not be able to move outside their directory.
What are the magic words I need to be searching for, because restricted shell, jail nor chroot all work for both SSH and SFTP even though SFTP uses SSH2.
I am at my wits end here. This is what prevents me from moving away from cPanel. I am building a cPanel-like web hosting solution based around Traefik 2.x but this security stuff needs to be addressed first. This will be open sourced.
Your help is appreciated.
UPDATE:
I was finally able to get the jail-shell working for "tester" where SSH is concerned but I still don't have any SFTP access.