jailed ssh
  • jailed ssh

    Hi all,

    It says Interworx supports jailed SSH users but I'm trying to find out the best way of doing it. I've seen some old forum threads saying that an option is in the "change shell" menu via the control panel itself, but we don't have that option.

    Cheers,

  • #2
    Hi Bertie

    Welcome to IW forums
    It is available to change from nodeworx, siteworx, shell users, siteworx shell: place a tick in the box for a siteworx user, with select drop down menu, change shell, select jailed chroot shell, save and it's done
    Many thanks
    John
    Last edited by d2d4j; 04-12-2016, 05:17 AM.



    • #3
      Hi Bertie
      Sorry, if that option is not shown, you did not create a /chroot directory on first install of distro
      To gain the jailed ssh, you will need to change your /home to /chroot/home, which is a little involved and you do so at your own risk
      Here are the basic instructions, as provided by Socheat post
      Here is the process:
      1. service iworx stop
      2. service httpd stop
      3. you may need to stop other services, do an 'lsof /home' to determine what's using /home
      4. cd /
      5. umount /home
      6. confirm /home is umounted and empty. If it is, go ahead rmdir /home
      7. edit /etc/fstab to change the mount point of the partition to /chroot instead of /home (you may want to change the label of the partition using e2label to stay consistent with the other partitions)
      8. mkdir /chroot
      9. mount /chroot
      10. mkdir /chroot/home
      11. ln -fs /chroot/home /home
      12. cd /chroot
      13. mv * home
      14. mv home/aquota.* /chroot
      15. chmod 755 /chroot
      16. chmod 711 /chroot/home
      That should do it. Hope that helps!
      Socheat
      Many thanks
      John
      http://forums.interworx.com/threads/...h-home-mounted
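
Added example, not part of the original posts and not InterWorx's own tooling: a read-only shell check of the layout the procedure in post #3 should leave behind (/home symlinked to /chroot/home, the two directory modes, quota files moved out of home, /etc/fstab mounting /chroot). The function name and its optional root-prefix argument are assumptions, added so the check can be rehearsed on a scratch tree; it relies on GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example (not InterWorx code). check_jail_layout and its optional ROOT
# prefix are hypothetical; with no argument the live system is inspected.

check_jail_layout() {
    root=${1:-}
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # ln -fs /chroot/home /home: /home must be a symlink to /chroot/home
    if [ -L "$root/home" ]; then
        target=$(readlink "$root/home")
        if [ "$target" != "/chroot/home" ]; then
            fail "/home points to $target, expected /chroot/home"
        fi
    else
        fail "/home is not a symlink"
    fi

    # chmod 755 /chroot and chmod 711 /chroot/home
    for spec in "755:/chroot" "711:/chroot/home"; do
        want=${spec%%:*}
        dir=${spec#*:}
        if [ ! -d "$root$dir" ]; then
            fail "$dir is missing"
        elif [ "$(stat -c %a "$root$dir")" != "$want" ]; then
            fail "$dir has mode $(stat -c %a "$root$dir"), expected $want"
        fi
    done

    # mv home/aquota.* /chroot: no quota file may remain under home
    for q in "$root"/chroot/home/aquota.*; do
        if [ -e "$q" ]; then fail "quota file left in /chroot/home: ${q##*/}"; fi
    done

    # /etc/fstab must mount the partition at /chroot, no longer at /home
    fstab="$root/etc/fstab"
    if [ ! -r "$fstab" ]; then
        fail "cannot read /etc/fstab"
    else
        if awk '$1 !~ /^#/ && $2 == "/home"' "$fstab" | grep -q .; then
            fail "fstab still has a /home mount point"
        fi
        if ! awk '$1 !~ /^#/ && $2 == "/chroot"' "$fstab" | grep -q .; then
            fail "fstab has no /chroot mount point"
        fi
    fi
    return "$rc"
}
```

Source the file and run `check_jail_layout` with no argument on the server; it returns non-zero and prints one FAIL line per mismatch.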



      • #4
        Originally posted by d2d4j
        Hi Bertie
        Sorry, if that option is not shown, you did not create a /chroot directory on first install of distro
        To gain the jailed ssh, you will need to change your /home to /chroot/home, which is a little involved and you do so at your own risk
        Here are the basic instructions, as provided by Socheat post
        Here is the process:
        1. service iworx stop
        2. service httpd stop
        3. you may need to stop other services, do an 'lsof /home' to determine what's using /home
        4. cd /
        5. umount /home
        6. confirm /home is umounted and empty. If it is, go ahead rmdir /home
        7. edit /etc/fstab to change the mount point of the partition to /chroot instead of /home (you may want to change the label of the partition using e2label to stay consistent with the other partitions)
        8. mkdir /chroot
        9. mount /chroot
        10. mkdir /chroot/home
        11. ln -fs /chroot/home /home
        12. cd /chroot
        13. mv * home
        14. mv home/aquota.* /chroot
        15. chmod 755 /chroot
        16. chmod 711 /chroot/home
        That should do it. Hope that helps!
        Socheat
        Many thanks
        John
        http://forums.interworx.com/threads/...h-home-mounted
        Thanks for replying - I have done this but while testing the user that has been given jail shell, it will accept the password and then disconnect from the session straight away.



        • #5
          Hi Bertie

          What is the error code

          What distro and IW version are you using

          I'll try myself tomorrow and see, but my initial thoughts are permissions on either home or security keys

          Many thanks

          John



          • #6
            Originally posted by d2d4j
            Hi Bertie

            What is the error code

            What distro and IW version are you using

            I'll try myself tomorrow and see, but my initial thoughts are permissions on either home or security keys

            Many thanks

            John
            Hi,

            I don't get any errors as such. I make the SSH connection, put the password in. Password gets accepted and then disconnects from the session. We are running: CentOS 6.7 and InterWorx-CP v5.1.9.

            Cheers,




            • #7
              Hi Bertie

              Many thanks, and are you sure you do not see terminate exit code 17

              I have just tested and saw the above code reason, with same as you described.

              Looking into it a little further, I believe the keys are not fully copied for the user, until a normal ssh login is performed (which copies the keys), then you can set chrootedssh for user

              This worked for me

              So can you please try the following

              Change user to bin/bash
              Ssh as client and login
              Logout
              Change user to chrootedssh
              Ssh as client and login

              If it works as my test, you cannot type logout as it's elevated user, and need to type exit

              Many thanks

              John



              • #8
                Ever since doing the first steps I can no longer add new siteworx accounts successfully

                "There was a problem validating the form. Please see details below.
                An error occurred during SiteWorx account activation, check the iworx.log file for more details"

                Do I need to change the line "partition=" on iworx.ini to take the new changes?



                • #9
                  Hi Bertie

                  Many thanks, was wondering how you got on and if my posts helped

                  I would open a support ticket with IW and quote this thread as well as a brief description of your current issue, so IW can have a look to see what's happening

                  You will need to turn on remote support from nodeworx remote support and confirm in your ticket you open, remote support turned on

                  The reason for this, is IW are aware of certain conditions which are stopping this from working as expected, however, I am not sure if it relates to centos 6

                  Please could you update your post once it's corrected, it would be appreciated

                  Many thanks

                  John
