To: freebsd-stable@freebsd.org
From: Johan Hendriks
Subject: SSH Chroot FreeBSD 10.1 and 10.2
Message-ID: <55D879DA.1070407@gmail.com>
Date: Sat, 22 Aug 2015 15:32:10 +0200

Hello all.

I want to use the ChrootDirectory feature of OpenSSH on FreeBSD 10.2. I tried it on 10.1 but gave up...
Whatever I do, I cannot make it work on 10 without error messages, but I got it working on FreeBSD 8.

This is what I have in my /etc/ssh/sshd_config file:

    # Example of overriding settings on a per-user basis
    Match User testuser1
        ChrootDirectory /restricted/%u
        X11Forwarding no
        AllowTcpForwarding no

I created the dir /restricted and the directory testuser1; the permissions are set to root owned.
I created the directory /bin inside /restricted/testuser1 and put the sh file from /rescue there.

If I log on to the system I get the following:

    ssh testuser1@192.168.1.14
    Password for testuser1@node_1:
    Last login: Sat Aug 22 17:05:52 2015 from 192.168.1.13
    Could not chdir to home directory /restricted/testuser1: No such file or directory
    Cannot read termcap database;
    using dumb terminal settings.
    %

From here I can do ls and so on if I copy ls, mkdir and other programs from /rescue to /restricted/username/bin, and cannot escape my home. This is what I want, but the error messages are frustrating.

If I change to csh in /etc/passwd it gives me the following:

    sh testuser1@192.168.1.14
    Password for testuser1@node_1:
    Last login: Sat Aug 22 17:16:32 2015 from 192.168.1.13
    Could not chdir to home directory /restricted/testuser1: No such file or directory
    csh: Cannot open /etc/termcap.
    csh: using dumb terminal settings.
    %

I think I followed all the tutorials on the internet, and now I get to the point where it gets really frustrating. :D
I think I am doing something wrong, but I cannot find it.

Is there someone who got this working on FreeBSD 10? I have it working on my Linux machines also without problem.

Thank you for your time.

regards
Johan
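
An added example, not part of the original message: a preflight check for a ChrootDirectory tree like the one described above. It relies on two behaviours documented in sshd_config(5): every component of the chroot path must be root-owned and not writable by group or others, and after the chroot sshd changes to the user's passwd home directory, which is then resolved inside the new root. The function name chroot_findings and its owner_uid parameter are hypothetical, and the directory tree in the demo is constructed.

```python
import os
import stat
import tempfile


def chroot_findings(chroot, home, required=("bin/sh", "etc/termcap"), owner_uid=0):
    """List problems with an sshd ChrootDirectory tree for one user."""
    findings = []
    chroot = os.path.abspath(chroot)
    # sshd_config(5): every component of the ChrootDirectory path must be
    # owned by root and not writable by group or others.
    path = chroot
    while True:
        st = os.stat(path)
        if st.st_uid != owner_uid:
            findings.append(f"{path}: not owned by uid {owner_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{path}: writable by group or others")
        if path == os.path.dirname(path):
            break
        path = os.path.dirname(path)
    # After chroot(2), sshd changes to the passwd home directory, so that
    # path is looked up relative to the new root, not the real one.
    if not os.path.isdir(os.path.join(chroot, home.lstrip("/"))):
        findings.append(f"{home}: home directory missing inside chroot")
    for rel in required:
        full = os.path.join(chroot, rel)
        if os.path.islink(full) and os.path.isabs(os.readlink(full)):
            # An absolute link target is resolved against the new root too.
            findings.append(f"/{rel}: absolute symlink, check its target inside chroot")
        elif not os.path.exists(full):
            findings.append(f"/{rel}: missing inside chroot")
    return findings


if __name__ == "__main__":
    # Constructed layout mirroring the post: the chroot contains bin/sh only,
    # and the passwd home is the chroot path itself.
    with tempfile.TemporaryDirectory() as top:
        jail = os.path.join(top, "restricted", "testuser1")
        os.makedirs(os.path.join(jail, "bin"))
        open(os.path.join(jail, "bin", "sh"), "w").close()
        for line in chroot_findings(jail, "/restricted/testuser1", owner_uid=os.getuid()):
            print(line)
```

On a real host, run it as root with the default owner_uid=0; the demo passes the current uid only so that it can run unprivileged in a temporary directory.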