Jail ssh user to home directory on Linux - LinuxConfig.org

Jailing an SSH user to their home directory allows you (the administrator) to exercise a lot of control and security over the user accounts on a Linux system.


This is a companion discussion topic for the original entry at https://linuxconfig.org/jail-ssh-user-to-home-directory-on-linux

After configuring chroot environment I am getting this error for ping
OS: ubuntu 18.04
ping: socket: Permission denied, attempting raw socket…
ping: socket: Operation not permitted
ping: socket: Permission denied, attempting raw socket…
ping: socket: Operation not permitted

Hi Dhiraj_verma,

Welcome to our forums.

Are you trying to ping with the chrooted user? If so, the solution works as designed - the chrooted user will not have access to the rest of the system, functioning ping included.

Hello,

Can you help me with chroot ssh user on Ubuntu 20.04? Putty window closed immeadiatelly upon successful login.

After I checked auth.log there was the following error:
Dec 8 14:13:46 sd-xxxx sshd[540015]: Accepted password for demo from 110.x.x.173 port 2262 ssh2
Dec 8 14:13:46 sd-xxxx sshd[540015]: pam_unix(sshd:session): session opened for user demo by (uid=0)
Dec 8 14:13:46 sd-xxxx systemd-logind[545]: New session 216 of user demo.
Dec 8 14:13:46 sd-xxxx systemd: pam_unix(systemd-user:session): session opened for user demo by (uid=0)
Dec 8 14:13:47 sd-xxxx sshd[540058]: error: /dev/pts/4: No such file or directory

Using latest jailkit won’t work either, jailed user can access to ssh but not jailed.

Hi Lima_Simple,

Welcome to our forums.

What is your ChrootDirectory in your sshd_config file? You should mount pts under that directory’s dev subdirectory. So for example if you have this setting:

ChrootDirectory /secure/jail

You should mount like this (assuming dev directory exists):

$ sudo mount -o bind /dev/pts /secure/jail/dev/pts

I need to enable the use of other commands like git, vim, etc …

How can I do this?

Hi Yano,

Welcome to our forums.

Have you tried extending the list of commands that chroot.sh runs against at step 10 of the tutorial with the commands you require?