The Community Forums


chrooted ssh jail on freebsd

Discussion in 'General Discussion' started by elmore, Oct 24, 2003.

  1. elmore

    elmore Registered

    Joined:
    Oct 12, 2003
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Anyone got a chrooted jail for ssh working on freebsd? It'd be a nice feature, I was thinking about starting work on it but don't want to duplicate efforts if someone has already done it.
     
  2. mickeymouse

    mickeymouse Well-Known Member

    Joined:
    Sep 16, 2003
    Messages:
    389
    Likes Received:
    0
    Trophy Points:
    16
    Dear elmore,

    I would like to have such a feature in my server. I have searched the forum and cannot find one.

    Regards,
     
  3. TCSLEA

    TCSLEA Active Member

    Joined:
    Oct 29, 2003
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Austin, T E X A S
    I've tried it on 4.8 and 5.1 with no luck. I select the options in WHM but they have no effect.

    As it stands, the users who ssh into their site are able to back out of their starting directory and prowl around the server. I tested it as a user, and was able to change to the server's /etc directory and cat ipfw.rules.

    I'm hoping that this can be fixed soon, or a manual solution is close at hand.
     
  4. elmore

    Well, setting up a jailed environment in FBSD is easy; it's controlling it from cPanel that is not possible currently, I believe.

    Here's a link to my forum which covers creating chrooted jails in FreeBSD. You could always set this up and do it manually as you suggested.

    http://screamingelectron.org/phpBB2/viewtopic.php?t=326
     
    #4 elmore, Nov 12, 2003
    Last edited: Nov 12, 2003
  5. eskwire

    eskwire Member

    Joined:
    Sep 10, 2003
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I love screamingelectron.org :)

    You should get shirts or stickers made up.

    Anyway, glad to have someone of your stature in the cPanel forum.
     
  6. B12Org

    B12Org Well-Known Member

    Joined:
    Jul 15, 2003
    Messages:
    692
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle Washington
    cPanel Access Level:
    Root Administrator
    Maybe it's just me, but when I click on the link it's broken.
     
  7. eskwire

  8. B12Org

    Worked fine that time. Maybe it was just the comp here at work or something. Anyways, thanks!
     
  9. B12Org

    Does this same thing apply for anything, or just FreeBSD?
     
  10. TCSLEA

    That link shows how to set up an actual jail in FreeBSD. I think cPanel/WHM is trying to offer chroot for shell access, which is different.

    I have not looked too hard, but I have not yet seen anyone find a way to break out of an actual FreeBSD jail. Yes, they can get out of a "jailed" shell (chroot'd shell), but not a jail.

    Having said that, I would LOVE to see cPanel rig it so we could use an actual jail for the servers... but each jail needs a unique IP address, which is a drawback on a large server.
     
  11. elmore

    Right, it is a generic tutorial for setting up a jail; individual services the jail happens to offer are not covered.

    Offering services in a jailed environment makes me feel/sleep better at night.

    One of my cPanel test boxes currently runs completely jailed. Some functions are quite broken though :( Anyways, I've been working on this now for a couple of weeks on and off, and I'm new to cPanel so it's a little tricky working with it, but once I get a few things ironed out I'll document it on and cross-post here as well.

    Regards-

    -elmore-
     
  12. B12Org

    But then in theory, couldn't you use a private IP addressing scheme, and just assign them, right?
     
  13. TCSLEA

    I tried the private addressing (using the 192.168 scheme) and could never get it to work. Trying to ssh to a jail by name always took me to the server, not the jail.

    At one point I was tampering with dns settings, trying just about every possible configuration, and made it where I could only ssh into a jail, but not the server. Had to drive over to the server and use console to fix it.

    *sigh*

    Would love to hear your results, though! I would sleep better also, if I could use the actual jail environment...
     
  14. B12Org

    Me too. I would love to implement this; however, driving to Texas from Seattle would be a long drive for me if I messed up :D :D :cool: , so I would rather follow in someone else's footsteps here, not pioneer. So, please let me know how this turns out, or how to implement. Thanks!
     