TuxNet DokuWiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Zuletzt angesehen:
it-wiki:linux:ssh_chrooted_jail

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung		Vorhergehende Überarbeitung
it-wiki:linux:ssh_chrooted_jail [2021/03/10 20:43] – [Step 5: Testing SSH with Chroot Jail] markoit-wiki:linux:ssh_chrooted_jail [2021/03/10 21:06] (aktuell) – [Step 7. Testing SFTP with Chroot Jail] marko
Zeile 72: Zeile 72:
  
 ==== Step 4: Configure SSH to Use Chroot Jail ==== ==== Step 4: Configure SSH to Use Chroot Jail ====
-9. Now, open the ''sshd_config'' file.+**9.** Now, open the ''sshd_config'' file.
 <code bash> <code bash>
 # vi /etc/ssh/sshd_config # vi /etc/ssh/sshd_config
Zeile 92: Zeile 92:
  
 ==== Step 5: Testing SSH with Chroot Jail ==== ==== Step 5: Testing SSH with Chroot Jail ====
-''10.'' At this point, test if the chroot jail setup is working as expected:+**10.** At this point, test if the chroot jail setup is working as expected:
 <code bash> <code bash>
 # ssh tecmint@192.168.0.10 # ssh tecmint@192.168.0.10
Zeile 110: Zeile 110:
 -bash-4.1$ history -bash-4.1$ history
 </code> </code>
 +{{ :it-wiki:linux:ssh-builtin-commands.png?nolink |}}
 +
 +==== Step 6. Create SSH User’s Home Directory and Add Linux Commands ====
 +**11.** From the previous step, we can notice that the user is locked in the root directory, we can create a home directory for the the SSH user like so (do this for all future users):
 +<code bash>
 +# mkdir -p /home/test/home/tecmint
 +# chown -R tecmint:tecmint /home/test/home/tecmint
 +# chmod -R 0700 /home/test/home/tecmint
 +</code>
 +{{ :it-wiki:linux:create-ssh-user-home-directory.png?nolink |}}
 +
 +**12.** Next, install a few user commands such as ls, date, mkdir in the ''bin'' directory:
 +<code bash>
 +# cp -v /bin/ls /home/test/bin/
 +# cp -v /bin/date /home/test/bin/
 +# cp -v /bin/mkdir /home/test/bin/
 +</code>
 +{{ :it-wiki:linux:add-commands-to-ssh-user.png?nolink |}}
 +
 +**13.** Next, check the shared libraries for the commands above and move them into the chrooted jail libraries directory:
 +<code bash>
 +# ldd /bin/ls
 +# cp -v /lib64/{libselinux.so.1,libcap.so.2,libacl.so.1,libc.so.6,libpcre.so.1,libdl.so.2,ld-linux-x86-64.so.2,libattr.so.1,libpthread.so.0} /home/test/lib64/
 +</code>
 +{{ :it-wiki:linux:copy-shared-libraries.png?nolink |}}
 +
 +==== Step 7. Testing SFTP with Chroot Jail ====
 +**14.** Do a final test using sftp; check if the commands you have just installed are working.
 +
 +Add the line below in the ''/etc/ssh/sshd_config'' file:
 +<code bash>
 +#Enable sftp to chrooted jail 
 +ForceCommand internal-sftp
 +</code>
 +
 +Save the file and exit. Then restart the SSHD services:
 +<code bash>
 +# systemctl restart sshd
 +</code>
 +
 +**15.** Now, test using SSH, you’ll get the following error:
 +<code bash>
 +# ssh tecmint@192.168.0.10
 +</code>
 +{{ :it-wiki:linux:test-ssh-chroot-jail.png?nolink |}}
 +
 +Try using SFTP as follows:
 +<code>
 +# sftp tecmint@192.168.0.10
 +</code>
 +{{ :it-wiki:linux:testing-sftp-ssh-user.png?nolink |}}
  
it-wiki/linux/ssh_chrooted_jail.1615409027.txt.gz · Zuletzt geändert: von marko