How to automatically chroot jail selected ssh user logins - LinuxConfig.org

In this article we will look at how to automatically chroot jail selected user ssh logins based on the user group. This technique can be quite useful if you want your user to be provided with a limited system environment and at the same time keep them separate from your main system.
This is a companion discussion topic for the original entry at https://linuxconfig.org/how-to-automatically-chroot-jail-selected-ssh-user-logins

radams

Is there a way to have it so each user is jailed into their own environment? Example: each user needs to be jailed into /data/chroot/jail/“User”. Currently it’s only allowing me to jail all users into /data/chroot/jail/, which still allows each user to see one another’s data, etc.

Kundun

Finally a really good tutorial about chroot. I’ve tried 3 others before without success. Thanks for sharing good knowledge!

Cufflink -> Kundun

Agreed. This tutorial helped me configure the environment first try. Thanks!

X3L4

Any idea(s) why I get “bash: ls: command not found” errors for all my commands even when all of the necessary libraries exist?

Tony

How could I use the nano editor in the chroot environment created by your how-to?

Ryan Salomon

There’s a typo:

At this point all is ready and we can chroot

# chroot /vat/chroot

I think you mean the above line to say:

# chroot /var/chroot

Lubos Rendek -> Ryan Salomon

This will be updated shortly… thanks…

Excellent post on setting up a jailed ssh chroot. I would really like to know how this script works:
for i in $( ldd * | grep -v dynamic | cut -d " " -f 3 | sed 's/://' | sort | uniq )
do
echo $i
#cp --parents $i $CHROOT
done

Question 1: grep -v dynamic (Where does dynamic come from?)

Question 2: sed 's/://' (I need to research this. Please give me a big hint)

Thanks
1885

Very good tutorial. For CentOS 7.5 I needed to use some more hints from this other article at serverfault “a-proper-way-to-create-a-chrooted-ssh-on-centos-7”
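
The loop quoted in the question above, run stage by stage over constructed ldd output, as an added example that is not code from the article or from any poster. The function names (sample_ldd_output, extract_paths, extract_paths_no_grep, loop_words) and the sample library paths and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed stand-in for `ldd bash ls script.sh` output (addresses are made up).
sample_ldd_output() {
    printf '%s\n' 'bash:'
    printf '\t%s\n' \
        'linux-vdso.so.1 (0x00007ffc0a1f2000)' \
        'libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f1a2c400000)' \
        'libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2c000000)' \
        '/lib64/ld-linux-x86-64.so.2 (0x00007f1a2c600000)'
    printf '%s\n' 'ls:'
    printf '\t%s\n' \
        'libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f3b1d200000)' \
        'libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3b1ce00000)' \
        '/lib64/ld-linux-x86-64.so.2 (0x00007f3b1d400000)'
    printf '%s\n' 'script.sh:'
    printf '\t%s\n' 'not a dynamic executable'
}

# The pipeline from the post, fed from stdin instead of a live ldd call.
# LC_ALL=C is added here only to make the sort order reproducible.
#   grep -v dynamic : drops the "not a dynamic executable" line ldd prints
#                     for scripts and static binaries
#   cut -f 3        : on "name => /path (addr)" lines, field 3 is the path;
#                     lines with no space ("bash:") pass through whole;
#                     vdso and loader lines have no field 3 and become empty
#   sed 's/://'     : removes the colon from the "bash:" header lines
extract_paths() {
    grep -v dynamic | cut -d " " -f 3 | sed 's/://' | LC_ALL=C sort | uniq
}

# Same pipeline minus the grep stage, to show what the grep protects against.
extract_paths_no_grep() {
    cut -d " " -f 3 | sed 's/://' | LC_ALL=C sort | uniq
}

# Reproduce the for loop's word splitting: empty lines vanish at this point.
loop_words() {
    for i in $(sample_ldd_output | "$1"); do
        printf '%s\n' "$i"
    done
}

echo "== with grep -v dynamic =="
loop_words extract_paths
echo "== without grep -v dynamic =="
loop_words extract_paths_no_grep
```

Without the grep stage the stray word "dynamic" reaches the loop and would be handed to cp. The loader line (/lib64/ld-linux-x86-64.so.2) has no third field, so this loop never emits it and it has to be copied into the jail separately.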