Tuesday, August 30, 2016

how to chroot jail for ssh access

1- install jailkit
$ wget http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.bz2
$ bzip2 jailkit-2.19.tar.bz2
$ tar xvf jailkit-2.19.tar
$ cd jailkit-2.19
$ ./configure
$ make
$ sudo make install

2- create a jail environment in directory /var/jail
$ mkdir /var/jail
$ cd /var/jail
$ jk_init /var/jail basicshell
$ mkdir home

3- create group sshusers and create the first jailed user name user1
$ sudo groupadd sshusers
$ sudo useradd  -m -d /var/jail/home/user1 -g sshusers user1

4- update sshd configuration on file /etc/ssh/sshd_config, adding the following at the end of the file
Match group sshusers
          ChrootDirectory /var/jail/
          X11Forwarding no
          AllowTcpForwarding no

5- restart ssh service then when you ssh using user user1, it will be jailed to directory /var/jail
$ sudo /etc/iniit.d/ssh restart

- screenshoot of jailing a user1 with a few files in /etc directory .

No comments:

Post a Comment