jailkit for chroot ssh account security tutorial and fix for error

This was done on Centos but I think it's easier on Debian machines, the paths that it is set to use are tailored towards Debian, so there is some fiddling that needs to be done on Centos.

This is for chrooting ssh, but jailkit has other uses than just SSH jails but I won't cover them in this writeup.

1. Install jailkit

yum install jailkit

2. Setup Jail Home

mkdir /home/jail
chown root:root /home/jail

3. Enable Jailed Programs For Your Users

jk_init -v -j /home/jail basicshell editors extendedshell netutils ssh sftp scp

You'll see a lot of text scrolling, basically it is copying all the executables and their dependencies to the chroot environment.

For more specialized setups/extra programs you can edit /etc/jailkit/jk_init.ini to enable or add more programs.

4. Enable the Jail on an Existing User

jk_jailuser -m -j /home/jail "testguy"


invalid shell, /home/jail/usr/sbin/jk_lsh does not exist
enter jail directory:

Fix the error with the following:

You need to copy "jk_lsh" and should have done it from the start (bad documentation)

jk_init -v -j /home/jail jk_lsh

 Now you can add whatever use you want to the jail.

And just to confirm notice the changed /etc/passwd entry for testguy:

testguy:x:500:500::/home/jail/./home/testguy:/usr/sbin/jk_chrootsh

5. Finalize Settings

Set the shell you want for your user in /home/jail/etc/passwd

root:x:0:0:root:/root:/bin/bash
testguy:x:500:500::/home/testguy:/usr/sbin/jk_lsh

I don't know why "root" is there, I deleted that line.  I also changed the shell for testguy to bash, and so my new file looks like:

testguy:x:500:500::/home/testguy:/bin/bash

 


Tags:

jailkit, chroot, ssh, tutorial, errorthis, centos, debian, paths, tailored, fiddling, chrooting, jails, writeup, install, yum, mkdir, chown, enable, jailed, programs, users, jk_init, basicshell, editors, extendedshell, netutils, sftp, scp, ll, text, scrolling, copying, executables, dependencies, specialized, setups, edit, etc, ini, existing, user, jk_jailuser, quot, testguy, invalid, shell, usr, sbin, jk_lsh, directory, documentation, passwd, entry, jk_chrootsh, finalize, settings, bin, bash, deleted,

Latest Articles

  • Unable to mount location Failed to retrieve share list from server: Connection timed out - Samba/Linux Filesharing Not working Ubuntu Mint Linux Solution
  • How To Resize, Reduce a Video to a Specific Size and Quality Ubuntu Linux using ffmpeg
  • vi how to delete all lines in the file
  • Linux Mint / Ubuntu 20 Intel I219 NIC disconnects
  • Linux can't boot/grub boot loader screen with no options solution
  • EFI PXE grub2 Howto guide for Linux EFI PXE Booting on Debian, Mint, Ubuntu, RHEL
  • Aruba/HP/Dell IAP Wireless Controller Common Default Passwords
  • Debian, Mint Ubuntu how to remove package and associated config files
  • Linux Grub not booting the intended kernel solution in Debian, Mint, Ubuntu how to specify which kernel to boot by default
  • QEMU KVM Keyboard Problems Not Working Right Repeating Characters, Ctrl+C Copy and Paste not working right when using PS2 mouse in guests Solution
  • Linux how to compile binary with static sharedobjects embedded instead of dynamic to use on multi-distributions and avoid glibc compatiblity issues
  • /bin/sh: msgfmt: not found error solution on Linux Compilation Ubuntu Debian Mint Centos
  • Mikrotik RouterOS CHR/ISO Basic and Quick Setup Howto Guide
  • qemu 4 compilation options
  • CentOS 7 8 PXEBoot Netinstall Not Working Solution "Pane is dead "new value non-exisetnt xfs filesystem is not valid as a default fs type"
  • CentOS 6 EOL yum repo won't work Error: Cannot find a valid baseurl for repo: base Solution
  • CentOS 7 8 How To Disable SELinux
  • Wordpress How To Add Featured Image To Post in Hueman Theme
  • kdenlive full reset how to erase all config files
  • CentOS 7 8 yum error Trying other mirror. To address this issue please refer to the below wiki article