Hello all.

I want to use the ChrootDirectory feature of OpenSSH on FreeBSD 10.2. I tried it on 10.1 but gave up... Whatever I do I cannot make it work on 10 without error messages, but I got it working on FreeBSD 8.

This is what I have in my /etc/ssh/sshd_config file:

    # Example of overriding settings on a per-user basis
    Match User testuser1
        ChrootDirectory /restricted/%u
        X11Forwarding no
        AllowTcpForwarding no

I created the dir /restricted and the directory testuser1; the permissions are set to root owned. I created the directory /bin inside /restricted/testuser1 and put the sh file from /rescue there.

If I log on to the system I get the following:

    ssh testuser1@192.168.1.14
    Password for testuser1@node_1:
    Last login: Sat Aug 22 17:05:52 2015 from 192.168.1.13
    Could not chdir to home directory /restricted/testuser1: No such file or directory
    Cannot read termcap database;
    using dumb terminal settings.
    %

From here I can do ls and so on if I copy ls, mkdir and other programs from /rescue to /restricted/username/bin, and cannot escape my home. This is what I want, but the error messages are frustrating.

If I change to csh in /etc/passwd it gives me the following:

    ssh testuser1@192.168.1.14
    Password for testuser1@node_1:
    Last login: Sat Aug 22 17:16:32 2015 from 192.168.1.13
    Could not chdir to home directory /restricted/testuser1: No such file or directory
    csh: Cannot open /etc/termcap.
    csh: using dumb terminal settings.
    %

I think I followed all the tutorials on the internet, and now I get to the point where it gets really frustrating. :D I think I do something wrong, but I cannot find it. Is there someone who got this working on FreeBSD 10? I have it working on my Linux machines also without problem.

Thank you for your time.

regards
Johan
On Sat, Aug 22, 2015 at 9:32 AM, Johan Hendriks <joh.hendriks at gmail.com> wrote:

> Last login: Sat Aug 22 17:05:52 2015 from 192.168.1.13
> Could not chdir to home directory /restricted/testuser1: No such file or
> directory
> Cannot read termcap database;
> using dumb terminal settings.
> %
> From here I can do ls and so on if I copy ls, mkdir and other programs
> from /rescue to /restricted/username/bin , and can not escape my home,
> this is what I want but the error messages are frustrating.

You have the chroot directory both as a chroot directory and a home directory. This means that the *actual* home directory, as seen from outside the chroot, is /restricted/testuser1/restricted/testuser1. (Home directory is *inside* the chroot directory and therefore relative to it.)

The termcap message should be self-explanatory; you're missing /etc/termcap inside the chroot.

chroot is what it says on the tin: once set, the specified directory is "/". Every file accessed from that point on MUST be available from a tree in which the specified chroot directory is "/". This includes symlinks --- symlink resolution doesn't get to see outside the specified "/" any more than anything else running in the chroot does, so you cannot simply symlink to a file outside the chroot. (Hard links are fine, since they are actually by inode number; they just have to be on the same partition.)

-- 
brandon s allbery kf8nh
sine nomine associates
allbery.b at gmail.com
ballbery at sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad
http://sinenomine.net
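A layout checker for the points raised in this reply, added here as an example and not code from either poster: given the ChrootDirectory path and the home directory as it appears in /etc/passwd, it reports a home that is missing *inside* the chroot, a missing /etc/termcap or /bin/sh under the chroot, a chroot directory whose owner or mode sshd would reject, and symlinks that dangle or escape once the chroot root becomes "/". The paths /restricted/testuser1, /etc/termcap and /bin/sh are taken from the thread; the optional OWNER_UID argument (default 0, sshd's requirement) is an assumption added so the script can be exercised as an unprivileged user.

```shell
#!/bin/sh
# chroot_issues ROOT HOME [OWNER_UID]
# Prints one line per problem found in a ChrootDirectory tree, nothing when clean.
# ROOT is the ChrootDirectory path; HOME is the home directory as listed in
# /etc/passwd. OWNER_UID defaults to 0 because sshd refuses a chroot directory
# that root does not own or that group/other can write (sshd applies that rule
# to every parent of ROOT as well; only ROOT itself is checked here).
chroot_issues() {
    root=$1 home=$2 want_uid=${3:-0}

    # The passwd home is interpreted inside the chroot, so the real path is ROOT+HOME.
    [ -d "$root$home" ] || echo "home-missing: $root$home"
    # Files the login shell opens must also live under ROOT (sh and csh both
    # want /etc/termcap; the shell itself was copied from /rescue).
    [ -f "$root/etc/termcap" ] || echo "termcap-missing: $root/etc/termcap"
    [ -x "$root/bin/sh" ] || echo "shell-missing: $root/bin/sh"

    uid=$(ls -ldn "$root" | awk '{print $3}')
    mode=$(ls -ld "$root" | cut -c1-10)      # e.g. drwxr-xr-x
    [ "$uid" = "$want_uid" ] || echo "bad-owner: $root is uid $uid, want $want_uid"
    case $mode in
        ?????w????|????????w?) echo "writable: $root ($mode) is group/other writable" ;;
    esac

    # Symlinks resolve with ROOT as "/": an absolute target is looked up as
    # ROOT+target and dangles if that file is absent; a relative target must
    # not climb out of ROOT. (The -f test above follows links from outside the
    # chroot, so a symlinked termcap only shows up here.)
    canon_root=$(cd "$root" && pwd -P)
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) resolved=$root$target ;;
            *)  resolved=$(dirname "$link")/$target ;;
        esac
        dir=$(cd "$(dirname "$resolved")" 2>/dev/null && pwd -P) \
            || { echo "link-dangling: $link -> $target"; continue; }
        canon=$dir/$(basename "$resolved")
        [ -e "$canon" ] || { echo "link-dangling: $link -> $target"; continue; }
        case $canon in "$canon_root"/*) ;; *) echo "link-escapes: $link -> $target" ;; esac
    done
}

# Usage with the layout from the thread (run as root on the FreeBSD box):
#   chroot_issues /restricted/testuser1 /restricted/testuser1
```

With the layout described in the question it reports home-missing (the real home is /restricted/testuser1/restricted/testuser1) and termcap-missing; replacing the copy of /etc/termcap with a symlink to the host file makes the termcap test pass from outside but is then reported as link-dangling, which is the symlink point made above.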