Date:      Sat, 22 Aug 2015 15:32:10 +0200
From:      Johan Hendriks <joh.hendriks@gmail.com>
To:        freebsd-stable@freebsd.org
Subject:   SSH Chroot FreeBSD 10.1 and 10.2
Message-ID:  <55D879DA.1070407@gmail.com>

Hello all.

I want to use the ChrootDirectory feature of OpenSSH on FreeBSD 10.2, and
I tried it on 10.1 but gave up...
Whatever I do, I cannot make it work on 10 without error messages, but I
got it working on FreeBSD 8.

This is what I have in my /etc/ssh/sshd_config file.

# Example of overriding settings on a per-user basis
Match User testuser1
        ChrootDirectory /restricted/%u
        X11Forwarding no
        AllowTcpForwarding no

I created the dir /restricted and the directory testuser1; the
permissions are set to root owned.
I created the directory /bin inside /restricted/testuser1 and put the sh
file from /rescue there.

If I log on to the system I get the following:
ssh testuser1@192.168.1.14
Password for testuser1@node_1:
Last login: Sat Aug 22 17:05:52 2015 from 192.168.1.13
Could not chdir to home directory /restricted/testuser1: No such file or
directory
Cannot read termcap database;
using dumb terminal settings.
%
From here I can do ls and so on if I copy ls, mkdir and other programs
from /rescue to /restricted/username/bin, and I cannot escape my home.
This is what I want, but the error messages are frustrating.
If I change to csh in /etc/passwd it gives me the following:

sh testuser1@192.168.1.14
Password for testuser1@node_1:
Last login: Sat Aug 22 17:16:32 2015 from 192.168.1.13
Could not chdir to home directory /restricted/testuser1: No such file or
directory
csh: Cannot open /etc/termcap.
csh: using dumb terminal settings.
%


I think I followed all the tutorials on the internet, and now I get to
the point where it gets really frustrating. :D
I think I am doing something wrong, but I cannot find it.

Is there someone who got this working on FreeBSD 10? I have it working
on my Linux machines also without problem.

Thank you for your time.

regards
Johan
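
The two messages in the sessions above refer to paths that are looked up inside the chroot: sshd changes to the passwd home directory after the chroot, and csh opens /etc/termcap there. The following is an added example, not part of the original message, that checks a chroot tree for these; the script name, the function name and the `/bin/sh` shell argument are assumptions.

```sh
#!/bin/sh
# Added example: list what a ChrootDirectory tree lacks for an interactive login.
# usage: chroot_check <chroot_dir> <home_from_passwd> <shell_from_passwd>
chroot_check() {
    root=$1 home=$2 shell=$3
    [ -d "$root" ] || { echo "root: $root is not a directory"; return 1; }

    # sshd checks that every component of the chroot path is root-owned
    # and not writable by group or others.
    dir=$root
    while :; do
        set -- $(ls -ldn "$dir")      # $1 = mode string, $3 = numeric owner
        [ "$3" = 0 ] || echo "owner: $dir is owned by uid $3, not root"
        case $1 in
            ?????w*|????????w*) echo "mode: $dir is group- or world-writable" ;;
        esac
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done

    # After chroot(2), sshd resolves the passwd home and shell inside $root.
    [ -d "$root$home" ]  || echo "home: $home does not exist inside $root"
    [ -x "$root$shell" ] || echo "shell: $shell is not executable inside $root"
    # csh in the session above names /etc/termcap. This check runs from outside
    # the chroot, so an absolute symlink is followed on the real root.
    [ -e "$root/etc/termcap" ] || echo "termcap: /etc/termcap does not exist inside $root"
    return 0
}

# e.g. ./chroot_check.sh /restricted/testuser1 /restricted/testuser1 /bin/sh
if [ "$#" -eq 3 ]; then chroot_check "$@"; fi
```

With the paths from the message, the home line reports that `/restricted/testuser1` is being looked up below `/restricted/testuser1` itself.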