search for: pam_chroot

Has anyone got the pam_chroot module to successfully work in FreeBSD? I have FreeBSD 5.2-RELEASE installed. I copied the appropriate binaries and libraries into my chroot, I can chroot -u test -g test /home/test /usr/local/bin/bash and it works perfectly. So now I am trying to get the pam module to work. I added session...

Hi everybody. I got a problem here. I want to use chroot + sshd service. env: RHEL 5.2 tail -1 /etc/pam.d/sshd session required pam_chroot.so debug tail /etc/security/chroot.conf terry /users ssh terry at 192.168.20.11 faile tail /var/log/secure Jun 7 05:05:40 node1 sshd[5397]: pam_chroot(sshd:session): chroot(/users) succeeded <- chroot /users succeeded Jun 6 21:05:40 node1 sshd[5397]: pam_unix(sshd:se...

...Google and I basically saw several methods: - OpenSSH 5 supports ChrootDirectory (FC9 apparently has RPMs that probably could be rebuilt under CentOS 5) - There seem to be several patches for OpenSSH 4.x to do the chroot, the most popular seems to be http://chrootssh.sf.net/ - There appears to be a pam_chroot - There are solutions based on setting the user's shell to a script/binary that does the chroot By quickly looking at yum list, it doesn't seem like neither RHEL nor CentOS directly support any of those, at least I didn't find any RPMs for any of those. If anyone is doing it, I would...

http://bugzilla.mindrot.org/show_bug.cgi?id=951 Summary: SSH2 protocol breaks pam chroot auth Product: Portable OpenSSH Version: 3.9p1 Platform: Other URL: --- OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: PAM support AssignedTo: openssh-bugs at mindrot.org

I've been trying to get openssh to play nicely with chroot()'ed accounts (on Red Hat Linux 7.1), but so far, I haven't had much success. I can stick this line in /etc/pam.d/sshd: session required /lib/security/pam_chroot.so debug onerr=fail For slogin, this works great. But scp and sftp don't apply the chroot, because they don't invoke do_pam_session(). Even worse, I can't disable sftp access for chroot()'ed accounts without disabling it for everyone. (Using the "command" option in the...

http://bugzilla.mindrot.org/show_bug.cgi?id=926 ------- Comment #8 from djm at mindrot.org 2006-05-22 15:12 ------- I don't understand - surely the limits should be applied in the *child* process and not the parent process? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

I've used ssh as a secure telnet up to now but done little else with it. The FreeBSD machines I look after on our internet-facing network all have one account which I connect to for administration. I've set up /etc/hosts.allow on all the machines to only allow ssh from a limited internal network range. Now I want to create a new account on one machine which will be accessible from the

Howdy list, Sorry if this is a frequently discussed topic, or an off-topic question, but I couldn't find much info about my question by performing quick searches in the archives, and my question is pretty tightly related to security... Background: =========== I have a number of FreeBSD machines. Most are 4.x, but a few are 5.x (mainly the testing/devel machines). I also have a single Red