Here you can find technical details about software and hardware configuration.

Friday, 21 August 2015

FreeBSD Chroot SSH user in folder

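First, you need to create a user.

Use adduser, or:
pw useradd testuser -d /home/testuser -s /bin/sh
mkdir -p /home/testuser/bin
chown root:testuser /home/testuser # root must own the chroot directory
chmod 755 /home/testuser # sshd rejects a chroot directory writable by group or others
cp /rescue/sh /home/testuser/bin/ # /rescue/sh is statically linked, so it needs no libraries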
 
In /etc/ssh/sshd_config, add the following lines:
=================================
Match User testuser
    PasswordAuthentication yes
    ChrootDirectory /home/testuser
#    ForceCommand internal-sftp
    AllowTcpForwarding no
    AllowAgentForwarding no
    PermitTunnel no
#    PermitTTY no
    X11Forwarding no
================================
After that, restart the sshd daemon:    /etc/rc.d/sshd restart

Now try to log in for the first time:

$ ssh testuser@x.x.x.x
Password for testuser@x.x.x.x:
X11 forwarding request failed on channel 0
Last login: Thu Aug 20 15:00:09 2015 from y.y.y.y
Could not chdir to home directory /home/testuser: No such file or directory
Cannot read termcap database;
using dumb terminal settings.
$ ls
ls: not found
$ mc
mc: not found

At this point the test user cannot run any commands: ls and mc are not found inside the chroot.
We must create a folder structure like the one in the main OS (/bin, /sbin, /usr/bin, /usr/sbin, etc.).
We need to copy the executables and library files the user should have from the main OS into the testuser folders.

To install Midnight Commander inside the chroot, you can use the following procedure:
 
 
 # locate mc | grep bin
/usr/local/bin/mc
 
cp /usr/local/bin/mc /home/testuser/bin/mc
==============
 $ mc  
ELF interpreter /libexec/ld-elf.so.1 not found
Abort trap 
(At this point I copied ld-elf.so.1 to /home/testuser/libexec/ld-elf.so.1)
$ mc
Shared object "libslang.so.2" not found, required by "mc"
$ mc
Shared object "libncurses.so.8" not found, required by "mc"
$ mc
Shared object "libssh2.so.1" not found, required by "mc"
$ mc
Shared object "libgmodule-2.0.so.0" not found, required by "mc"

...........

After I copied all the libraries, I ran mc again:

$ mc

(mc:4253): GLib-WARNING **: GError set over the top of a previous GError or uninitialized memory.
This indicates a bug in someone's code. You must ensure an error is NULL before it's set.
The overwriting error message was: Cannot create /home/testuser/.cache/mc directory

Manually create the .cache/mc folder in the testuser home directory inside the chroot.
This gives the following structure:
/home/testuser/home/testuser/.cache/mc

After this operation I downloaded the mc txz file from Latest.

- Open the txz file and manually copy the files into the folders.

- Copy the termcap and termcap.db files:

cp /usr/share/misc/termcap.db /home/testuser/usr/share/misc/termcap.db
cp /usr/share/misc/termcap /home/testuser/usr/share/misc/termcap 
Copy and symlink:
cp /etc/termcap /home/testuser/etc/termcap 
 
All done.
Now the chrooted user can run mc in their own folder.
If you want to give access to other commands, just copy the files into the user's own folder structure.
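
The library-by-library copying shown above can be scripted by reading the dependency list from ldd. This is an added example, not code from the original post; the function names are hypothetical, and the chroot path, the mc path and /libexec/ld-elf.so.1 are the ones used in the post.

```shell
#!/bin/sh
# Added example: copy one binary plus the shared objects it needs into a
# chroot, so the user gets only the files that command requires.
# Function names are hypothetical; paths follow the post.

# Read `ldd` output on stdin and print each resolved absolute path once.
# Lines such as "libfoo.so.1 => not found" are skipped.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3 }' | sort -u
}

# Copy one file to the same path under the chroot root.
# cp -L follows symlinks so the chroot gets a real file, and
# chmod go-w keeps the copy non-writable by the chrooted user's group.
copy_into_chroot() {
    root=$1
    src=$2
    mkdir -p "$root$(dirname "$src")" &&
        cp -L "$src" "$root$src" &&
        chmod go-w "$root$src"
}

# Copy a binary, the runtime linker and every library ldd resolves.
# Run as root so the copies stay root-owned inside the chroot.
populate_chroot() {
    root=$1
    bin=$2
    rtld=${3:-/libexec/ld-elf.so.1}
    copy_into_chroot "$root" "$bin" || return 1
    copy_into_chroot "$root" "$rtld" || return 1
    ldd "$bin" | ldd_paths | while read -r lib; do
        copy_into_chroot "$root" "$lib" || exit 1
    done
}

# Usage: sh populate.sh /home/testuser /usr/local/bin/mc
if [ "$#" -eq 2 ]; then
    populate_chroot "$1" "$2"
fi
```

Data files a program needs at run time (termcap, mc's share files, the .cache/mc directory) are not listed by ldd and still have to be copied as described above.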
 
 

 
 
