Software engineering notes

tutorial: building an OpenSSH chroot jail on CentOS 5.3


Allow users to log into a CentOS 5.3 server via ssh, but then constrain their mobility by using the chroot support introduced in OpenSSH 4.8p1.






I followed the tutorial in resource 2 for the most part, but the rpm build will fail with an error if the “/usr/src/redhat/RPMS/i386” and “/usr/src/redhat/BUILD” directories are not made in advance, a step in resource 1.  

With these two tutorials, I was able to build and install OpenSSH 5.1, but then I ran into a couple of hiccups.  When I tried to log in using a dummy account (“random1”) assigned to the “sshusers” group described in resource 1, ssh rejected my login with an error: “Permission denied (publickey,gssapi-with-mic).”  Looking in the ssh logs (“/var/log/secure”), I saw: “Authentication refused: bad ownership or modes for file /home/random1/.ssh/authorized_keys”.  Referring to the details provided in resource 3, I changed the permissions on “random1/.ssh” and “random1/.ssh/authorized_users” to 700.  Then I was able to ssh in, but immediately I received the error “/bin/bash: No such file or directory”, and was bounced out.  I moved the ls and bash executables placed in “/usr/bin” in resource 2, to “/bin” and then all was good 🙂

Special thanks to robbyt, author of resource 1, for his assistance.
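A pre-flight check for the two failures described in this post, added here as an example (it is not code from the post or from the tutorials it cites). The function names and the temporary demo tree are assumptions; the mode test follows sshd's StrictModes rule that the key file and its parent directories up to the home directory must be owned by the user or root and must not be group- or world-writable.

```shell
# Added example. Function names and the demo tree are constructed for illustration.
# Succeed when PATH is owned by OWNER_UID or root and is not writable by
# group or others (the condition sshd's StrictModes enforces).
strict_modes_ok() {
    path=$1; owner_uid=$2
    [ -e "$path" ] || return 1
    info=$(ls -ldn -- "$path" | awk '{print $1 " " $3}')
    perms=${info% *}; file_uid=${info#* }
    case "$file_uid" in 0|"$owner_uid") ;; *) return 1 ;; esac
    # In "drwxr-xr-x", character 6 is group-write and character 9 other-write.
    [ "$(printf '%s' "$perms" | cut -c6)" != w ] &&
        [ "$(printf '%s' "$perms" | cut -c9)" != w ]
}

# Report every path between HOME and authorized_keys that sshd would reject.
check_key_path() {
    home=$1; owner_uid=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        strict_modes_ok "$p" "$owner_uid" && continue
        echo "bad ownership or modes: $p"; rc=1
    done
    return $rc
}

# Succeed when the login shell $2 (e.g. /bin/bash) is an executable
# regular file at the same path inside the jail root $1.
shell_in_jail() {
    [ -f "$1$2" ] || return 1
    case $(ls -lnL -- "$1$2" | cut -c1-10) in *x*) return 0 ;; esac
    return 1
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/random1/.ssh" "$d/jail/usr/bin" "$d/jail/bin"
    : > "$d/home/random1/.ssh/authorized_keys"
    : > "$d/jail/usr/bin/bash"; chmod 755 "$d/jail/usr/bin/bash"  # stand-in file
    chmod 700 "$d/home/random1" "$d/home/random1/.ssh"
    chmod 664 "$d/home/random1/.ssh/authorized_keys"   # group-writable: rejected
    check_key_path "$d/home/random1" "$(id -u)"
    chmod 600 "$d/home/random1/.ssh/authorized_keys"
    check_key_path "$d/home/random1" "$(id -u)" && echo "key path ok"
    shell_in_jail "$d/jail" /bin/bash || echo "/bin/bash missing in jail"
    mv "$d/jail/usr/bin/bash" "$d/jail/bin/bash"
    shell_in_jail "$d/jail" /bin/bash && echo "/bin/bash present in jail"
    rm -rf "$d"
}
demo
```

On a real host, point `check_key_path` at the account's home directory and `shell_in_jail` at the chroot root with the shell path listed for that user in `/etc/passwd`.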

Written by Erik

July 28, 2009 at 7:51 pm

Posted in tutorial
