Jail shell centos


Install rssh and edit config:

1.) Secure root:
sudo yum install rssh

2.) Config RSSH
# /etc/rssh.conf
logfacility = LOG_USER

allowscp
#allowsftp
#allowcvs
#allowrdist
#allowrsync

Rssh user creation:
http://www.cyberciti.biz/tips/linux-unix-restrict-shell-access-with-rssh.html

3.) Create the sftp init script
Let’s call it /etc/init.d/sftpod. Just because. Make sure it is root owned, with octal mode 0755. Its contents follow.

#!/bin/bash
#
# chkconfig: 35 60 25
# description: OpenSSH chrooted sftp only daemon
#
# Note that /usr/sbin/sftpod is simply a symlink to /usr/sbin/sshd;
# You are going to need to CREATE that symlink before using this script.
#

# Must match the PidFile setting in /etc/ssh/sftpod_config
pidfile='/var/run/sftpod.pid'

case "${1}" in

start  ) # Run sshd under the name sftpod with its own config file
         exec -a /usr/sbin/sftpod /usr/sbin/sshd -f /etc/ssh/sftpod_config
         ;;
stop   ) kill -9 "$(cat "${pidfile}")"
         ;;
restart) "${0}" stop
         sleep 3
         "${0}" start
         ;;
*      ) echo "Usage: ${0} (start|stop|restart)"
         ;;

esac

exit 0

4.) Create the sftp config file

Let’s use the naming referred to in the init script, /etc/ssh/sftpod_config. Contents:

Port 9022
Protocol 2
AddressFamily inet

SyslogFacility AUTHPRIV
LogLevel INFO

PermitRootLogin no

RSAAuthentication no
PubkeyAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no

UsePAM no

PidFile /var/run/sftpod.pid

ChrootDirectory /home/chrooted
Subsystem sftp internal-sftp

Notes:
1.)
/home/chrooted must be owned by root with the right permissions (I guess it was 755 or 750), otherwise you’ll get a restriction error!

2.)
Lock user from regular ssh:
In /etc/ssh/sshd_config
DenyUsers xyz
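
The ownership rule from note 1, as an added check script that is not part of the original post: sshd requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others. It assumes GNU stat (as shipped on CentOS); the function names check_dir and check_chroot_path are hypothetical.

```shell
#!/bin/sh
# check_dir DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0 = root) and not writable by group or others.
check_dir() {
    cd_dir=$1
    cd_uid=${2:-0}
    if [ ! -d "$cd_dir" ]; then
        echo "FAIL $cd_dir: not a directory" >&2
        return 1
    fi
    # -L: inspect the directory a symlink points to, matching the -d test
    cd_owner=$(stat -L -c %u "$cd_dir") || return 1
    cd_mode=$(stat -L -c %a "$cd_dir") || return 1
    if [ "$cd_owner" != "$cd_uid" ]; then
        echo "FAIL $cd_dir: owner uid $cd_owner, expected $cd_uid" >&2
        return 1
    fi
    # 022 = group-write | other-write; 755 and 750 pass, 775 and 777 do not
    if [ $(( 0$cd_mode & 022 )) -ne 0 ]; then
        echo "FAIL $cd_dir: mode $cd_mode is group/other writable" >&2
        return 1
    fi
}

# check_chroot_path PATH [UID]: apply check_dir to / and to every
# component of PATH, reporting all failures rather than only the first.
check_chroot_path() {
    cp_rest=$1
    cp_uid=${2:-0}
    case $cp_rest in
        /*) ;;
        *) echo "FAIL $cp_rest: path must be absolute" >&2; return 1 ;;
    esac
    cp_cur=
    cp_rc=0
    check_dir / "$cp_uid" || cp_rc=1
    cp_rest=${cp_rest#/}
    while [ -n "$cp_rest" ]; do
        cp_part=${cp_rest%%/*}
        case $cp_rest in */*) cp_rest=${cp_rest#*/} ;; *) cp_rest= ;; esac
        [ -n "$cp_part" ] || continue
        cp_cur=$cp_cur/$cp_part
        check_dir "$cp_cur" "$cp_uid" || cp_rc=1
    done
    return "$cp_rc"
}

# Usage: sh check_chroot.sh /home/chrooted
if [ "$#" -gt 0 ]; then check_chroot_path "$1"; fi
```

Run it before starting the daemon; a non-zero exit status means at least one path component would make sshd refuse the chroot.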
