  1. #1
    Linux Newbie
    Join Date
    Jul 2004
    Posts
    143

    ssh chroot jail problem


    Hi everybody,

    I am trying to set up a chroot for ssh.

    I entered the following entry in the /etc/pam.d/sshd file
    session required pam_chroot.so onerr=fail

    and I entered the entry for user1 in /etc/security/chroot.conf file
    user1 /home/user1

    And I made the modifications to the /etc/ssh/sshd_config file

    UsePrivilegeSeparation no


    After that, while logging in to the ssh server with the user1 account, I am getting the following errors.

    #ssh localhost -l user1

    Connection to 192.168.30.10 closed by remote host.
    Connection to 192.168.30.10 closed.



    My /var/log/secure entries for this event are :

    Jan 19 16:14:14 ndserver sshd[15669]: Accepted password for user1 from 192.168.30.10 port 1195 ssh2
    Jan 19 16:14:14 ndserver pam_chroot[15669]: /home/user1 is writable by non-root
    Jan 19 16:14:14 ndserver sshd[15669]: fatal: PAM session setup failed[14]: Cannot make/remove an entry for the specified session


    Please help me.

    thanks & regards,
    yogendra.

  2. #2
    Linux Enthusiast
    Join Date
    Apr 2004
    Location
    UK
    Posts
    682
    Chroot can be tricky, particularly with ssh. A quick Google turned up chroot-ssh, a set of patches that allow ssh to be chrooted: http://www.brandonhutchinson.com/chroot_ssh.html Have you had a look at these?

    Also, have you copied suitable programs into /home/user1, like bash and cp and so on? Once ssh has been chrooted it can't see the apps installed on the rest of the system, which means it can't run bash or similar once you have logged in.

    Let us know how you get on,

    Chris...
    To be good, you must first be bad. "Newbie" is a rank, not a slight.
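
The `pam_chroot` log line in post #1 and the missing-shell point in post #2, as an added pre-flight check (example code, not from any poster and not pam_chroot's own). It assumes GNU `stat`, that pam_chroot rejects a jail root that is not owned by uid 0 or is writable by group/other, and `/bin/bash` as the login shell path; `jail_perm_problem` and `audit_jail` are hypothetical names.

```shell
#!/bin/sh
# Added example: audit a pam_chroot jail before letting users log in.
# Assumption: the log line "/home/user1 is writable by non-root" means the
# jail root must be owned by uid 0 and must not be group/other writable.

# jail_perm_problem UID OCTAL_MODE
# Prints a reason and returns 1 if the owner/mode pair is unsafe.
jail_perm_problem() {
    if [ "$1" -ne 0 ]; then
        echo "owned by uid $1, not root"; return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes $2 octal
    if [ $(( 0$2 & 022 )) -ne 0 ]; then
        echo "mode $2 is writable by group or other"; return 1
    fi
    return 0
}

# audit_jail JAIL [SHELL_PATH]
# Returns 0 only if the jail root is safe and the login shell exists in it.
audit_jail() {
    jail=$1 shell=${2:-/bin/bash} rc=0
    [ -d "$jail" ] || { echo "FAIL $jail: not a directory"; return 1; }

    # GNU stat: %u = owner uid, %a = permission bits in octal
    uid=$(stat -c %u "$jail")
    mode=$(stat -c %a "$jail")
    if ! reason=$(jail_perm_problem "$uid" "$mode"); then
        echo "FAIL $jail: $reason (session setup will be refused)"; rc=1
    fi

    # After chroot the shell path is resolved inside the jail, not on the host.
    if [ ! -x "$jail$shell" ]; then
        echo "FAIL $jail$shell: login shell missing inside the jail"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK   $jail"
    return "$rc"
}

# Run the audit when a jail path is given, e.g.: sh audit_jail.sh /home/user1
if [ "$#" -gt 0 ]; then audit_jail "$@"; fi
```

A jail root owned by root means the user cannot write to the top level of their own home, so a root-owned writable subdirectory is usually created inside it for their files.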

  3. #3
    Just Joined!
    Join Date
    Apr 2006
    Location
    Grants Pass OR
    Posts
    2

    Question OK trying to do wrong thing, sorry but still a problem

    OK, vsftpd was working fine. My real problem is I want to restrict user access to our system with sftp and scp to their home directory. My bad, sorry. Can you assist me in how to do this?

    thanks, Al
