“The chroot command changes its root directory to the supplied directory newroot and executes command, if supplied, or an interactive copy of the user’s shell.”

goals:

  • chroot ssh

getting started:

## change to workdir
> cd /foo/bar

## get files from a trusted CDN
> wget https://cdn.openbsd.org/pub/OpenBSD/6.6/amd64/base66.tgz
> wget https://cdn.openbsd.org/pub/OpenBSD/6.6/amd64/comp66.tgz
> wget https://cdn.openbsd.org/pub/OpenBSD/6.6/amd64/man66.tgz

## create chroot dir
> mkdir -p /foo/bar/ssh_chroot
> cd /foo/bar/ssh_chroot

## copy system resolv.conf into the chroot's etc dir
> mkdir -p /foo/bar/ssh_chroot/etc
> cp /etc/resolv.conf /foo/bar/ssh_chroot/etc/resolv.conf

## extract the sets downloaded to /foo/bar (current dir is the chroot dir)
> tar -xvzf /foo/bar/base66.tgz
> tar -xvzf /foo/bar/comp66.tgz
> tar -xvzf /foo/bar/man66.tgz

## MAKEDEV
> cd dev
> ./MAKEDEV all

## run ldconfig inside the chroot, then make the chroot dir root-owned and not group/other writable
> chroot /foo/bar/ssh_chroot/ ldconfig /usr/lib /usr/local/lib
> chown root:wheel /foo/bar/ssh_chroot/
> chmod 755 /foo/bar/ssh_chroot/

## setup chroot user
> groupadd ssh-users
> useradd -g ssh-users -d /foo/bar/ssh_chroot/home/ssh-user -m ssh-user
> passwd ssh-user

## to activate, append ChrootDirectory to "/etc/ssh/sshd_config"
> echo "ChrootDirectory /foo/bar/ssh_chroot" >> /etc/ssh/sshd_config
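
An added check, not part of the original notes: sshd refuses a ChrootDirectory unless every component of the path is a root-owned directory that is not writable by group or other, which is what the chown/chmod step above is for. The script below walks the path and reports each component; the function names and the optional uid argument (a hook for trying it without root) are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a ChrootDirectory path against the checks sshd applies
# at session start (every component: directory, owned by root, mode & 022 == 0).

# Print an absolute path and each of its ancestors up to /, one per line.
path_components() {
    p=$1
    case $p in /*) ;; *) echo "need an absolute path: $p" >&2; return 1 ;; esac
    while [ "$p" != "/" ]; do
        printf '%s\n' "$p"
        p=$(dirname "$p")
    done
    printf '/\n'
}

# check_component DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0) and not writable by group or other. The UID argument is a
# hypothetical test hook so the function can be exercised without root.
check_component() {
    dir=$1 want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    # "ls -ldn" prints: mode links uid gid ...; same layout on OpenBSD and Linux
    info=$(ls -ldn "$dir" | awk '{print $1 " " $3}')
    mode=${info% *} uid=${info#* }
    [ "$uid" = "$want_uid" ] || { echo "FAIL $dir: owner uid $uid, want $want_uid"; return 1; }
    case $mode in
        d????w*|d???????w*) echo "FAIL $dir: group/other writable ($mode)"; return 1 ;;
    esac
    echo "ok   $dir ($mode uid $uid)"
}

# check_chroot_path DIR [UID]: run check_component on DIR and every ancestor.
check_chroot_path() {
    path_components "$1" >/dev/null || return 1
    path_components "$1" | (
        rc=0
        while IFS= read -r c; do
            check_component "$c" "${2:-0}" || rc=1
        done
        exit "$rc"
    )
}

# Stand-alone use: sh check_chroot.sh /foo/bar/ssh_chroot
[ $# -eq 0 ] || check_chroot_path "$1"
```

Run it as root against the placeholder path used above; any FAIL line names a component sshd would reject.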