jailkit for chroot ssh account security tutorial and fix for error

This was done on Centos but I think it's easier on Debian machines, the paths that it is set to use are tailored towards Debian, so there is some fiddling that needs to be done on Centos.

This is for chrooting ssh, but jailkit has other uses than just SSH jails but I won't cover them in this writeup.

1. Install jailkit

yum install jailkit

2. Setup Jail Home

mkdir /home/jail
chown root:root /home/jail

3. Enable Jailed Programs For Your Users

jk_init -v -j /home/jail basicshell editors extendedshell netutils ssh sftp scp

You'll see a lot of text scrolling, basically it is copying all the executables and their dependencies to the chroot environment.

For more specialized setups/extra programs you can edit /etc/jailkit/jk_init.ini to enable or add more programs.

4. Enable the Jail on an Existing User

jk_jailuser -m -j /home/jail "testguy"


invalid shell, /home/jail/usr/sbin/jk_lsh does not exist
enter jail directory:

Fix the error with the following:

You need to copy "jk_lsh" and should have done it from the start (bad documentation)

jk_init -v -j /home/jail jk_lsh

 Now you can add whatever use you want to the jail.

And just to confirm notice the changed /etc/passwd entry for testguy:

testguy:x:500:500::/home/jail/./home/testguy:/usr/sbin/jk_chrootsh

5. Finalize Settings

Set the shell you want for your user in /home/jail/etc/passwd

root:x:0:0:root:/root:/bin/bash
testguy:x:500:500::/home/testguy:/usr/sbin/jk_lsh

I don't know why "root" is there, I deleted that line.  I also changed the shell for testguy to bash, and so my new file looks like:

testguy:x:500:500::/home/testguy:/bin/bash

 


Tags:

jailkit, chroot, ssh, tutorial, errorthis, centos, debian, paths, tailored, fiddling, chrooting, jails, writeup, install, yum, mkdir, chown, enable, jailed, programs, users, jk_init, basicshell, editors, extendedshell, netutils, sftp, scp, ll, text, scrolling, copying, executables, dependencies, specialized, setups, edit, etc, ini, existing, user, jk_jailuser, quot, testguy, invalid, shell, usr, sbin, jk_lsh, directory, documentation, passwd, entry, jk_chrootsh, finalize, settings, bin, bash, deleted,

Latest Articles

  • Centos 7 how to save iptables rules like Centos 6
  • nfs tuning maximum amount of connections
  • qemu-kvm error "Could not initialize SDL(No available video device) - exiting"
  • Centos 7 tftpd will not work with selinux enabled
  • Debian Ubuntu Mint Howto Create Bridge (br0)
  • How To Control Interface that dhcpd server listens to on Debian based Linux like Mint and Ubuntu
  • LUKS unable to type password to unlock during boot on Debian, Ubuntu and Mint
  • Debian Ubuntu and Linux Mint Broken Kernel After Date - New Extra Module Naming Convention
  • Wordpress overwrites and wipes out custom htaccess rules and changes soluton
  • Apache htaccess and mod_rewrite how to redirect and force all URLs and visitors to the SSL / HTTPS version
  • python 3 pip cannot install mysql module
  • QEMU-KVM won't boot Windows 2016 or 2019 server on an Intel Core i3
  • Virtualbox vbox not starting
  • Bind / named not responding to queries solution
  • Linux Mint How To Set Desktop Background Image From Bash Prompt CLI
  • ImageMagick Convert PDF Not Authorized
  • ImageMagick Converted PDF to JPEG some files have a black background solution
  • Linux Mint Mate Customize the Lock screen messages and hide username and real name
  • Ubuntu/Gnome/Mint/Centos How To Take a partial screenshot
  • ssh how to verify your host key / avoid MIM attacks