jailkit for chroot ssh account security tutorial and fix for error

This was done on Centos but I think it's easier on Debian machines, the paths that it is set to use are tailored towards Debian, so there is some fiddling that needs to be done on Centos.

This is for chrooting ssh, but jailkit has other uses than just SSH jails but I won't cover them in this writeup.

1. Install jailkit

yum install jailkit

2. Setup Jail Home

mkdir /home/jail
chown root:root /home/jail

3. Enable Jailed Programs For Your Users

jk_init -v -j /home/jail basicshell editors extendedshell netutils ssh sftp scp

You'll see a lot of text scrolling, basically it is copying all the executables and their dependencies to the chroot environment.

For more specialized setups/extra programs you can edit /etc/jailkit/jk_init.ini to enable or add more programs.

4. Enable the Jail on an Existing User

jk_jailuser -m -j /home/jail "testguy"


invalid shell, /home/jail/usr/sbin/jk_lsh does not exist
enter jail directory:

Fix the error with the following:

You need to copy "jk_lsh" and should have done it from the start (bad documentation)

jk_init -v -j /home/jail jk_lsh

 Now you can add whatever use you want to the jail.

And just to confirm notice the changed /etc/passwd entry for testguy:

testguy:x:500:500::/home/jail/./home/testguy:/usr/sbin/jk_chrootsh

5. Finalize Settings

Set the shell you want for your user in /home/jail/etc/passwd

root:x:0:0:root:/root:/bin/bash
testguy:x:500:500::/home/testguy:/usr/sbin/jk_lsh

I don't know why "root" is there, I deleted that line.  I also changed the shell for testguy to bash, and so my new file looks like:

testguy:x:500:500::/home/testguy:/bin/bash

 


Tags:

jailkit, chroot, ssh, tutorial, errorthis, centos, debian, paths, tailored, fiddling, chrooting, jails, writeup, install, yum, mkdir, chown, enable, jailed, programs, users, jk_init, basicshell, editors, extendedshell, netutils, sftp, scp, ll, text, scrolling, copying, executables, dependencies, specialized, setups, edit, etc, ini, existing, user, jk_jailuser, quot, testguy, invalid, shell, usr, sbin, jk_lsh, directory, documentation, passwd, entry, jk_chrootsh, finalize, settings, bin, bash, deleted,

Latest Articles

  • CentOS 8 how to restart the network!
  • CentOS 8 how to convert to a bootable mdadm RAID software array
  • ADATA USB Thumb Drive Issues
  • KMODE EXCEPTION NOT HANDLED - QEMU/KVM Won't Boot Windows 2016 or 10 Image or Physical Machine
  • Linux Mint / Ubuntu / Debian Mate Disable Guest Session and Hide Usernames on Lightdm Login screen GUI
  • SSH How To Create Public/Private Key Pair and with a Larger Keysize than 2048 bits
  • selenium.common.exceptions.WebDriverException: Message: Can not connect to the Service geckodriver
  • python ModuleNotFoundError: No module named 'bs4' even though you have the module
  • ssh how to connect using a SOCKS 5 proxy with nc and proxycommand
  • Enable AMDGPU Linux Driver
  • apache symlinks denied even with followsymlinks
  • chown how to change ownership on a symlink
  • how to use ifplugd in Linux to execute a command or script when a NIC cable is unplugged or plugged in
  • dd how to backup and restore disk images including compression with gzip
  • mpv / mplayer with Radeon / AMD GPU Video Card Driver enable VDPAU GPU Accelerated Video Decoding
  • Wordpress Reset Blog User Password from MySQL Using Linux Bash and not PHPMyadmin
  • Ubuntu Linux Mint Debian xorg performance and tear-free tuning for AMD Radeon Based Cards
  • Centos 7 Stopped and Disabled Firewalld and ports still blocked
  • MariaDB / MySQL Reset Root Forgotten Password on Centos 7
  • Centos 7 How to install Mysql/Mariadb