SSH chroot jail problems

pokey144 · April 13, 2010, 11:59pm

Firstly Hi everyone

I setup SFTP and SSH jail using this tutorial:
http://www.howtoforge.com/chrooted-ssh-sftp-tutorial-debian-lenny

SFTP jail works however now when I try to SSH it accepts my password and then just goes to a blank screen. Type any command and the shell session is closed (and putty closes) without error.

I've restarted openssh many times and also the server, just cant get this working!

I can provide the debug for the failed and also a working SSH into the box if you need, just ask.

Server: Debian 5.0.4
OpenSSH_5.1p1

sshd_config:
Subsystem sftp internal-sftp

UseLogin yes

Match user tom
ChrootDirectory /home/%u
ForceCommand internal-sftp

        AllowTcpForwarding no

Also tried:

ChrootDirectory /home/tom

Tried with and without:
X11Forwarding no

Tried:

Subsystem sftp /usr/lib/openssh/sftp-server
ForceCommand /usr/lib/openssh/sftp-server

Permissions:
/home/tom has owner root chmod 755
All files and folders below this are chmod 755 and owner tom

Passwd file:
root:x:0:0:root:/root:/bin/bash
tom:x:1003:1004:Tom,,,:/home/tom:/bin/bash

Any ideas anyone?

pludi · April 14, 2010, 1:18am

Read up on chroot. As soon as a process changes it's root directory, it can't access the files outside anymore. Shell, utilities, password file, ... are out of reach (invisible even). You'll have to set up a minimal environment yourself inside the chroot, mirroring that of a real system.

pokey144 · April 14, 2010, 1:41am

In the tutorial it says to use this script to set that up:

fuschlberger.net - Howto Setup a chroot-jail for ssh/scp with Linux

I ran that for the user tom, the passwd file, bash and various other stuff has been placed inside /home/tom

hergp · April 14, 2010, 1:59am

You also have to remove ForceCommand internal-sftp if you want to use ssh.

pokey144 · April 14, 2010, 2:51am

It worked!!!
I knew it would be something simple..

However now I'm not jailed.. But I'll try to work this out on my own first.

Thanks very much!

---------- Post updated at 04:51 PM ---------- Previous update was at 04:04 PM ----------

ok fixed that too

all i needed was
UseLogin no

SystemEng · August 21, 2010, 1:01am

Hi Pokey

Im having same problems for long..

when it comes to su - user

i get /bin/su : incorrect password

what u mean by setting

userLogin No

where must i specify that

Im using suseLinux 10

Thanks

ebe · September 8, 2010, 3:05pm

hi there people...

i cant seem to get past this "/bin/su : incorrect password" either... ive run the script as prescribed above, but no bananas... im using redhat btw if that counts for anything...and im sure the password is correct..

any help from people who know ??

please.

many thanks

SystemEng · September 9, 2010, 12:35am

Hi ebe,

I have given up for the moment. I have not been able to solve it. But i have posted a script which works fine. It creates the jail and user.

May be you can try to go thru the codes and see...

Its just strange why it doesnt work when i do it manually.. But the script works...

Good luck... If you find some light ....do let me know

cheers

ebe · September 9, 2010, 1:41am

Many thanks... may i see this script your talking about ? Or where did you post it ? It may help somewhat.

cheers

SystemEng · September 9, 2010, 1:50am

Look for the post

creating user on SUSE Linux .. i had uploaded a file

make_chroot_jail.sh

Im not able to upload it again

Check it out

ebe · September 9, 2010, 2:01am

thanks, ive actually used this exact script, after some tailoring on my side... and still does the same thing. but hey thanks for quick response..

SystemEng · September 9, 2010, 2:06am

But do let me know when u sort out the problem