DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.


#1 2011-10-23 05:09:04

fosgu
Member
Registered: 2011-10-20
Posts: 13

SSH lock user to their own directory

*If there is already a post with the answer, let me know*

I am still new to this. I have used Linux in the past, but with very little terminal use. I am trying to set up an SSH account on my DNS-323 which will be locked down to one directory and any subdirectory that account creates.

I have made several attempts but each time, the user can go to any directory the root has access to.

I will be using Telnet to connect if I need to make modifications as root.
For the SSH client, I am using FileZilla.

I am going to change \ffp\etc\ssh\sshd_config back to the defaults until I can find my answer.
I would like help from start (creating an account) to finish.

Saying thanks in advance

Ron

Last edited by fosgu (2011-10-23 05:09:46)


#2 2011-10-23 11:37:36

rsd76
Member
Registered: 2010-04-18
Posts: 47

Re: SSH lock user to their own directory

There is a ChrootDirectory which should work. However, for sftp-only access, configuring /ffp/etc/ssh/sshd_config alone is enough.

You need:

Code:

SubSystem sftp internal-sftp

And something like:

Code:

Match User johndoe
      ChrootDirectory /home/johndoe
      ForceCommand internal-sftp


However, I am not sure, and have not tested, whether this works with ffp.

If you want an interactive shell, chroot is needed. But this will need some configuration. I haven't found a guide on the internet though.


Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us. (Calvin & Hobbes)


#3 2011-10-23 15:22:40

fosgu
Member
Registered: 2011-10-20
Posts: 13

Re: SSH lock user to their own directory

I got it to work; I spent about two hours trying to get it to work. It turns out I had to change privileges and ownership of the directories:

chmod 755 /home/johndoe
chmod 755 /home

chown root:root /home
chown root:root /home/johndoe

It seems every time I changed ChrootDirectory /home/johndoe (removing the # before ChrootDirectory) I would get this message: "Software caused connection abort Error:    Could not connect to server".

Thanks once again for the help.


#4 2011-10-23 20:47:14

rsd76
Member
Registered: 2010-04-18
Posts: 47

Re: SSH lock user to their own directory

But can you upload?

I just wanted to check and I got the same error.
Somewhere I found a thread, where someone mentioned they (the coders) do this on purpose.
The solution is to create a homedir like /home/johndoe/johndoe and have this directory user-writable.
The ChrootDirectory should then be /home/johndoe, and this should belong to root and not be writable by the user.
Another solution is to use /home as ChrootDirectory and have every user's directory set to chmod 700 so only the user and root can access it.

Or in your case at least 1 subdir should exist which is writable for the johndoe user....



#5 2011-10-24 05:56:43

fosgu
Member
Registered: 2011-10-20
Posts: 13

Re: SSH lock user to their own directory

I must have read the same thing. I did have to do that as well.
It's working great.

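The ownership fix in post #3 and the writable-subdirectory advice in post #4 follow from one rule: sshd rejects a ChrootDirectory unless every directory on the path is owned by root and not writable by group or others. The script below is an added example, not code from the thread; it walks the path and reports each component that breaks the rule. It assumes a `stat` that accepts `-c`, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a `stat` that supports -c
# (GNU coreutils, or BusyBox built with format support).
# Usage: check_chroot_path /home/johndoe

# component_ok UID OCTAL_MODE
# Rule for one path component: owned by uid 0 and neither
# group-writable (020) nor world-writable (002).
component_ok() {
    [ "$1" = "0" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Checks DIR and every parent up to /, printing each component that
# would make sshd refuse DIR as a ChrootDirectory.
# Returns 0 if the whole path is clean, 1 if not, 2 on bad usage.
check_chroot_path() {
    case "$1" in
        /*) p=$1 ;;
        *)  echo "need an absolute path" >&2; return 2 ;;
    esac
    bad=0
    while :; do
        if info=$(stat -c '%u %a' "$p" 2>/dev/null) && [ -d "$p" ]; then
            uid=${info% *} mode=${info#* }
            component_ok "$uid" "$mode" ||
                { echo "$p: uid=$uid mode=$mode (want uid 0, no g/o write)"; bad=1; }
        else
            echo "$p: missing or not a directory"; bad=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return "$bad"
}
```

A clean result only means the chroot will be accepted; uploads still need a subdirectory inside it that the user owns, as described in post #4.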