similar to: Chrooted rsync over ssh

I setup a ssh chroot jail following this[1] guide. It works for my user to login, use ls and use scp which is all I really want. I do have a problem I cannot solve: when connected and navigating the filesystem, the backspace key actually moves the cursor forward and does not delete what I type. I may have found a hint from some googling that readline will read in /etc/inputrc on login but if

I have a need to have users SSH into a server where they are limited to a chroot jail (sandbox). Once they are there, they need to be able to execute 'ssh' and 'scp' to other systems. I've no problem setting up the basic chroot jail and providing basic functionality (ls, cat, less, etc). The part that is stopping me is setting it up so that that user can then 'ssh'

Hi all, I am running Debian Etch. I've compiled openssh-5.0p1 with pam support. I'd like to use a chrooted sftp environment for my users and also log their sftp file transfers. Currently file transfer logging stops working when I implement a jail. Logging from within the chroot seems like a useful feature. I hope it makes it in sooner rather than later. Here's the contents of my

Hi everyone I would like to enable unprivileged users to share only certain directories using SFTP without acquiring root, without setting capabilities using public-key-based forced commands. In another use case unprivileged users could write scripts that evaluate "$SSH_ORIGINAL_COMMAND" and then either execute sftp-server in a jail "$SSH_ORIGINAL_COMMAND" after

Hello - I am trying to set up a ssh chroot account on a Red Hat Enterprise Linux 5 server. I have my jail set up and have copied over a selection of commands and their libraries. I have also created a / dev and some devices. As part of that, I had to create a /dev/pts directory to handle the terminals. However, when I try to connect as the chrooted user, I get the following error:

I'm stuck on a problem with rsync... We've got a chrooted shell with rsync and all the needed libs inside (and not much else). We're using rsync over ssh to send the files into this chrooted session. The rsync binary in the chrooted session is SUID root so that it can create the files with the correct UID/GID. When the following is run, it creates all the files as root.staff, not

Martin Pool wrote: > > > From: Stefan Monnier <monnier+/news/lists/linux/security@TEQUILA.SYSTEMSZ.CS.YALE.EDU> > > Date: 05 May 1997 12:23:05 -0400 > > > [mod: Yes. One "catchall" would be to modify "suser()" to return > > (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a > > chrooted environment just

[Sorry about "top posting": my OT question arises from the subject..] Could someone elaborate on the "jail" under CentOS. I'm used to FreeBSD jails, and as I run CentOS and some other Linuxes for quite some time I was under impression that there is no such thing as jail under Linux [at least those flavors I run]. Under Linux I did use in variety of places chrooted

Our firm uses a dedicated virtual host to provide ssh tunnels for remote employee access to various internal services and for http/s access to the outside world. For security reasons I would like to have the remote users forward their dns lookups over the tunnel as well. However, we recently chrooted a number of ssh users and these accounts cannot resolve dns queries passed over the tunnel. I

> Klaas Jan Wierenga wrote: > > > I'm not using yp directory listings, but I can guess why it is not > > working. > > You're probably missing the libcurl.so library in your chroot jail > > directories. Here's the listing of files I have in the chroot jail: > > Definitely not, I rebuilt the whole lib structure i got from > ldd in my chroot But

Please post to the mailing list the next time Ralf. I'm not using yp directory listings, but I can guess why it is not working. You're probably missing the libcurl.so library in your chroot jail directories. Here's the listing of files I have in the chroot jail: -----%< cut here > ls -R .: admin etc lib opt usr var web ./admin: listclients.xsl listmounts.xsl

Using OpenSSH SFTP with chroot ============================== Several people have been asking now for some kind of documentation on how to use the chroot-patch for the sftp-server. So here it comes. I hope nobody minds that i post this in the developer list. The patch has been provided to the list some time ago. I'm sorry not giving credit to the author, but I really don't know who

I just did a bit of testing on OpenBSD and there the above setup seems to work and I can remove the files just fine over sftp. So this thing should work but there's still something causing it to fail on CentOS's side. One difference between our CentOS and OpenBSD is that OpenBSD uses newer openssh server. I looked through the release notes and didn't see any changes related to

I just downloaded the bind-chroot rpm and looked into it with Archive manager (so I am lazy), and no files, just the chroot tree. I am assuming there is some script that Archive manager does not show, or I am just missing it, because the ROOTDIR= did get added to /etc/sysconfig/named (and the one in the bind rpm is without this line). Just interesting that if you chroot, you are expected to

Hi I have very special needs and i wanted to use rsync over ssh. I don't know if a solution already exists for what i want to do. I want to provide rsync over ssh to my users. Howevern i want to have the following limitations : 1. No shell access 2. Limitting users to their home directories I was thinking to the folowing solution, but i don't know if it is secure enough : Create a

Hi, I've been struggling with this problem for the last couple of hours and am nowhere near solving the problem. I am trying to run a tftp server in a chroot jail. Now perhaps I am being paranoid, but I would like to have it launched from within its own jail even if it supposedly does a chroot itself and runs with a parameterizable user. I downloaded the atftp-server package and tried

Hi, I have trouble setting up chrooted SFTP for our user. I got the basic SFTP chroot working, user is chrooted to its home directory, I've added /home/userb/etc directory with dummy passwd, group and localtime files. The problem is that instead of only accessing its own files, I need the user to be able to remove another users files. I have web application which runs as different user, the

-----BEGIN PGP SIGNED MESSAGE----- > Date: Fri, 2 May 1997 12:33:00 -0500 > From: "Thomas H. Ptacek" <tqbf@ENTERACT.COM> > On almost all Unix operating systems, having superuser access in a > chroot() jail is still dangerous. In some recent revisions of 4.4BSD > operating systems, root can trivially escape chroot(), as well. I was thinking about possible attacks

In article <Pine.LNX.3.95.970503190235.5733A-100000@puck.nether.net>, Myles Uyema <linux-security@redhat.com> wrote: > [mod: But from reading the source I think you don''t need a /dev entry > to remount the partition without the nodev. Moreover you could MAKE > the /dev entry and use that if it were necessary. But that is not the > issue. The issue is that a

I successfully chrooted R running Rserve with an unprivileged user, and thought I'd publish the process. Attached is a jailkit.ini for use with jailkit;* and a chroot/setuid wrapper, chwrap.c. To set up the chroot in, for instance, /var/R; perform: mkdir -v /var/R jk_init -v -c jailkit.ini -j /var/R R then create the unprivileged user `r': useradd r After compiling chwrap