it-wiki:linux:ssh_chrooted_jail

Differences

This view shows the differences between two versions of the page.

it-wiki:linux:ssh_chrooted_jail [2021/03/10 20:33] marko
it-wiki:linux:ssh_chrooted_jail [2021/03/10 21:06] (current) – [Step 7. Testing SFTP with Chroot Jail] marko
Zeile 72: Zeile 72:
  
 ==== Step 4: Configure SSH to Use Chroot Jail ==== ==== Step 4: Configure SSH to Use Chroot Jail ====
-9. Now, open the ''sshd_config'' file.+**9.** Now, open the ''sshd_config'' file.
 <code bash> <code bash>
 # vi /etc/ssh/sshd_config # vi /etc/ssh/sshd_config
Zeile 85: Zeile 85:
 </code> </code>
 {{ :it-wiki:linux:configure-ssh-chroot-jail.png?nolink |}} {{ :it-wiki:linux:configure-ssh-chroot-jail.png?nolink |}}
 +
 +Save the file and exit, and restart the SSHD services:
 +<code bash>
 +# systemctl restart sshd
 +</code>
 +
 +==== Step 5: Testing SSH with Chroot Jail ====
 +**10.** At this point, test if the chroot jail setup is working as expected:
 +<code bash>
 +# ssh tecmint@192.168.0.10
 +-bash-4.1$ ls
 +-bash-4.1$ date
 +-bash-4.1$ uname
 +</code>
 +{{ :it-wiki:linux:testing-ssh-user-chroot-jail.png?nolink |}}
 +
 +From the screenshot above, we can see that the SSH user is locked in the chrooted jail, and can’t run any external commands (ls, date, uname etc).
 +
 +The user can only execute bash and its builtin commands such as(pwd, history, echo etc) as seen below:
 +<code bash>
 +# ssh tecmint@192.168.0.10
 +-bash-4.1$ pwd
 +-bash-4.1$ echo "Tecmint - Fastest Growing Linux Site"
 +-bash-4.1$ history
 +</code>
 +{{ :it-wiki:linux:ssh-builtin-commands.png?nolink |}}
 +
 +==== Step 6. Create SSH User’s Home Directory and Add Linux Commands ====
 +**11.** From the previous step, we can notice that the user is locked in the root directory, we can create a home directory for the the SSH user like so (do this for all future users):
 +<code bash>
 +# mkdir -p /home/test/home/tecmint
 +# chown -R tecmint:tecmint /home/test/home/tecmint
 +# chmod -R 0700 /home/test/home/tecmint
 +</code>
 +{{ :it-wiki:linux:create-ssh-user-home-directory.png?nolink |}}
 +
 +**12.** Next, install a few user commands such as ls, date, mkdir in the ''bin'' directory:
 +<code bash>
 +# cp -v /bin/ls /home/test/bin/
 +# cp -v /bin/date /home/test/bin/
 +# cp -v /bin/mkdir /home/test/bin/
 +</code>
 +{{ :it-wiki:linux:add-commands-to-ssh-user.png?nolink |}}
 +
 +**13.** Next, check the shared libraries for the commands above and move them into the chrooted jail libraries directory:
 +<code bash>
 +# ldd /bin/ls
 +# cp -v /lib64/{libselinux.so.1,libcap.so.2,libacl.so.1,libc.so.6,libpcre.so.1,libdl.so.2,ld-linux-x86-64.so.2,libattr.so.1,libpthread.so.0} /home/test/lib64/
 +</code>
 +{{ :it-wiki:linux:copy-shared-libraries.png?nolink |}}
 +
 +==== Step 7. Testing SFTP with Chroot Jail ====
 +**14.** Do a final test using sftp; check if the commands you have just installed are working.
 +
 +Add the line below in the ''/etc/ssh/sshd_config'' file:
 +<code bash>
 +#Enable sftp to chrooted jail 
 +ForceCommand internal-sftp
 +</code>
 +
 +Save the file and exit. Then restart the SSHD services:
 +<code bash>
 +# systemctl restart sshd
 +</code>
 +
 +**15.** Now, test using SSH, you’ll get the following error:
 +<code bash>
 +# ssh tecmint@192.168.0.10
 +</code>
 +{{ :it-wiki:linux:test-ssh-chroot-jail.png?nolink |}}
 +
 +Try using SFTP as follows:
 +<code>
 +# sftp tecmint@192.168.0.10
 +</code>
 +{{ :it-wiki:linux:testing-sftp-ssh-user.png?nolink |}}
 +
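Review bot: step 14 adds `ForceCommand internal-sftp` to `/etc/ssh/sshd_config` without saying where the line goes; the added text should state that it belongs inside a `Match User` or `Match Group` block scoped to the jailed account, because at global scope the directive forces SFTP for every account on the host, administrators included, and the lockout shown in step 15 would then hit all of them. Three further points in the same hunk. Step 13 runs `ldd` only on `/bin/ls` while step 12 copies `ls`, `date` and `mkdir`, and the fixed `/lib64/{libselinux.so.1,...}` list will not match every distribution or version; suggest deriving the list from `ldd` for each copied binary, and stating in step 11 that `/home/test` itself must remain owned by root and not writable by group or others (the `chown`/`chmod` shown correctly touch only the `home/tecmint` subdirectory; OpenSSH refuses a chroot directory that does not meet that condition). Step 14 also says to "check if the commands you have just installed are working", but `internal-sftp` is served from within sshd and never executes the binaries placed in the jail's `bin`, so that sentence contradicts the test that follows, and step 15 announces "the following error" without quoting it, leaving the reader dependent on the screenshot. Finally, the `<code>` fence before `# sftp tecmint@192.168.0.10` lacks the `bash` tag used by every other block in this hunk.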
it-wiki/linux/ssh_chrooted_jail.1615408385.txt.gz · Last modified: by marko