Jail ssh user to home directory on Linux - LinuxConfig.org

Korbin · August 18, 2020, 6:40am

Jailing an SSH user to their home directory allows you (the administrator) to exercise a lot of control and security over the user accounts on a Linux system.

This is a companion discussion topic for the original entry at https://linuxconfig.org/jail-ssh-user-to-home-directory-on-linux

dhiraj_verma · November 15, 2020, 5:36pm

After configuring chroot environment I am getting this error for ping
OS: ubuntu 18.04
ping: socket: Permission denied, attempting raw socket…
ping: socket: Operation not permitted
ping: socket: Permission denied, attempting raw socket…
ping: socket: Operation not permitted

sandmann · November 15, 2020, 6:33pm

Hi Dhiraj_verma,

Welcome to our forums.

Are you trying to ping with the chrooted user? If so, the solution works as designed - the chrooted user will not have access to the rest of the system, functioning ping included.

Lima_Simple · December 8, 2020, 7:23am

Hello,

Can you help me with chroot ssh user on Ubuntu 20.04? Putty window closed immeadiatelly upon successful login.

After I checked auth.log there was the following error:
Dec 8 14:13:46 sd-xxxx sshd[540015]: Accepted password for demo from 110.x.x.173 port 2262 ssh2
Dec 8 14:13:46 sd-xxxx sshd[540015]: pam_unix(sshd:session): session opened for user demo by (uid=0)
Dec 8 14:13:46 sd-xxxx systemd-logind[545]: New session 216 of user demo.
Dec 8 14:13:46 sd-xxxx systemd: pam_unix(systemd-user:session): session opened for user demo by (uid=0)
Dec 8 14:13:47 sd-xxxx sshd[540058]: error: /dev/pts/4: No such file or directory

Using latest jailkit won’t work either, jailed user can access to ssh but not jailed.

sandmann · December 8, 2020, 7:16pm

Hi Lima_Simple,

Welcome to our forums.

What is your ChrootDirectory in your sshd_config file? You should mount pts under that directory’s dev subdirectory. So for example if you have this setting:

ChrootDirectory /secure/jail

You should mount like this (assuming dev directory exists):

$ sudo mount -o bind /dev/pts /secure/jail/dev/pts

Yano · December 31, 2020, 4:17am

I need to enable the use of other commands like git, vim, etc …

How can I do this?

sandmann · January 4, 2021, 5:22pm

Hi Yano,

Welcome to our forums.

Have you tried extending the list of commands that chroot.sh runs against at step 10 of the tutorial with the commands you require?

kamal.joshi · July 29, 2021, 5:44pm

Several keys are not working, such as backspace. Tried stty sane but it is not working for me. Any suggestion? Thanks for tutorial.

DrakeSeven · August 18, 2023, 12:51pm

At Step 10 I had a problem:
SSH login with user exampe threw an error and immediately closed the connection:

/bin/sh: No such file or directory

Solution:
in Step 4, bash was copied as a shell but Debian GNU/Linux 11 needs sh.
So simply copy sh to /var/chroot/bin

cp /bin/sh /var/chroot/bin

@Korbin maybe it’s a good idea to mention this in step 4.

Apart from that it’s an excellent article! Thank you.