Chrooted SSH on CentOS 5.1

Reference: http://www.howtoforge.com/chroot_ssh_sftp_fedora7

Installation of dependencies.
# yum -y install rpm-build openssl-devel glibc-devel krb5-devel pam-devel gcc

Download the OpenSSH source with the chroot patch.
# wget http://chrootssh.sourceforge.net/download/openssh-4.5p1-chroot.tar.bz2

Decompress the bz2 file, which leaves us with a tar archive.
# bunzip2 openssh-4.5p1-chroot.tar.bz2

Unpack the tar file.
# tar -xvf openssh-4.5p1-chroot.tar

Copy the openssh.spec file to /usr/src/redhat/SPECS/
# cp openssh-4.5p1-chroot/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/

Rename the unpacked folder.
# mv openssh-4.5p1-chroot openssh-4.5p1

Compress the folder.
# tar czvf openssh-4.5p1.tar.gz openssh-4.5p1

Move the archive to /usr/src/redhat/SOURCES/ and delete the leftover files that are no longer needed.
# mv openssh-4.5p1.tar.gz /usr/src/redhat/SOURCES/
# rm -rf openssh-4.5p1

Edit the spec file
# vim /usr/src/redhat/SPECS/openssh.spec
and add or modify the following lines.
%define no_x11_askpass 1
%define no_gnome_askpass 1
%configure \
        --without-zlib-version-check \
        --sysconfdir=%{_sysconfdir}/ssh \

Build the package.
# rpmbuild -bb /usr/src/redhat/SPECS/openssh.spec

This produces three *.rpm packages, including the server and the client, in /usr/src/redhat/RPMS/i386/
# cd /usr/src/redhat/RPMS/i386/

Install the packages.
# rpm -Uvh openssh-4.5p1-1.i386.rpm openssh-server-4.5p1-1.i386.rpm openssh-clients-4.5p1-1.i386.rpm

Edit the yum configuration to exclude the openssh packages from updates.
# vi /etc/yum.conf
#############################
exclude=openssh*
#############################

Remove the packages that are no longer necessary.
# rpm -e rpm-build openssl-devel glibc-devel krb5-devel pam-devel gcc

Now we define the directory where our chroot users will be stored. Where it goes is up to you; in my case I will create it in /home as the folder chroot.
# mkdir /home/chroot

Change into it and create the other folders.
# cd /home/chroot
# mkdir -p bin lib usr/bin dev etc home
# mknod dev/null c 1 3
# mknod dev/zero c 1 5
# chmod 666 dev/null dev/zero

The following script copies what our chroot needs. Create a file named chroot_jail in /usr/bin and copy the contents into it.
###############
#!/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
APPS="/bin/sh /bin/bash /bin/cp /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /bin/rmdir /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors /bin/vi /usr/bin/sftp /usr/libexec/openssh/sftp-server"
for prog in $APPS; do
    mkdir -p ./`dirname $prog` > /dev/null 2>&1
    cp $prog ./$prog
    # obtain a list of related libraries
    ldd $prog > /dev/null
    if [ "$?" = 0 ] ; then
        # the third column of ldd output is the resolved library path
        LIBS=`ldd $prog | awk '{ print $3 }'`
        for l in $LIBS; do
            mkdir -p ./`dirname $l` > /dev/null 2>&1
            cp $l ./$l > /dev/null 2>&1
        done
    fi
done
##########################
# vi /usr/bin/chroot_jail
Paste the contents, then make the script executable
# chmod +x /usr/bin/chroot_jail
and run it by typing
# chroot_jail

Now finish copying the files needed for our chroot.
# cp /lib/ld-2.5.so lib/
# cd lib
# ln -s ld-2.5.so ld-linux.so.2
# cd ..
# cp /lib/libnss_compat.so.2 lib/
# cp /lib/libnss_files.so.2 lib/
# cp /lib/libcap.so.1 lib/
# cp /lib/libnss_dns.so.2 lib/
# cp -R /etc/pam.d etc/
# cp -R /lib/security lib/
# cp -R /etc/security etc/
# cp /etc/login.defs /etc/hosts /etc/resolv.conf etc/

We are almost done. Now we create the passwd and group files of our chroot.
# echo '#!/bin/bash' > usr/bin/groups
# echo "id -Gn" >> usr/bin/groups
# touch etc/passwd
# grep /etc/passwd -e "^root" > etc/passwd
# grep /etc/group -e "^root" -e "^users" > etc/group

Now create the user, assigning it the directory we created.
# useradd -s /bin/bash -m -d /home/chroot/./home/testuser -c "testuser" -g users testuser

Set a password for it.
# passwd testuser

And that's it; now we can test.
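
A check for the jail built above, as an added example that is not part of the original howto: it parses ldd output, including the loader line whose path sits in the first column rather than after "=>", and reports any program or library absent from the jail. The function names, the script name in the usage comment and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a chroot jail holds every library its programs need.

# Constructed sample of 32-bit ldd output (not captured from a real host).
SAMPLE_LDD='    linux-gate.so.1 =>  (0x00110000)
    libc.so.6 => /lib/libc.so.6 (0x00a3c000)
    libdl.so.2 => /lib/libdl.so.2 (0x00b9a000)
    /lib/ld-linux.so.2 (0x00a1e000)'

# lib_paths: read ldd output on stdin, print one absolute path per line.
#   "name => /path (addr)"  path is field 3
#   "/path (addr)"          path is field 1 (the dynamic loader)
#   "name =>  (addr)"       kernel vDSO, no file to copy, skipped
lib_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }'
}

# missing_in_jail JAIL: read absolute paths on stdin, print those absent
# under JAIL.
missing_in_jail() {
    while IFS= read -r p; do
        [ -e "$1$p" ] || printf '%s\n' "$p"
    done
}

# audit_jail JAIL PROG...: PROG is the path as seen inside the jail.
# Prints each missing program or library; returns 1 if anything is missing.
# ldd can execute the file it inspects, so only run this on binaries that
# were copied from the trusted host, as the jail's are.
audit_jail() {
    jail=$1; shift
    rc=0
    for prog in "$@"; do
        if [ ! -x "$jail$prog" ]; then
            echo "MISSING program: $prog"; rc=1; continue
        fi
        # Static binaries make ldd fail; they then yield no paths to check.
        for lib in $(ldd "$jail$prog" 2>/dev/null | lib_paths |
                     missing_in_jail "$jail"); do
            echo "MISSING library for $prog: $lib"; rc=1
        done
    done
    return $rc
}

# Usage: sh audit_jail.sh /home/chroot /bin/bash /usr/bin/sftp ...
if [ "$#" -ge 2 ]; then audit_jail "$@"; fi
```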