Hello all.
I have little luck in setting up a restricted ssh server for ssh tunnels on FreeBSD 10.
On my FreeBSD 8 server it all works well, and on my FreeBSD 10 server I did use the same steps.
I use the following setup.
I create a group allowtunnel, then I add users to this group.
In my /etc/ssh/sshd_config file I add the following.
Code:
Match Group allowtunnel
AllowTcpForwarding yes
AllowAgentForwarding yes
X11Forwarding yes
ChrootDirectory /usr/home/restricted/%u
I create the directory restricted
mkdir /usr/home/restricted
then I do a
chown root:wheel /usr/home/restricted
I also set the proper permissions.
chmod 755 /usr/home/restricted
(if I change this I cannot log in at all)
I create a user and with vipw(8) it shows as follows.
Code:
testuser:PASS-EDITED:1005:1006::0:0:User &:/usr/home/restricted/testuser:/bin/sh
I make sure that root owns the home folder.
chown root /usr/home/restricted/testuser
I create a /bin folder in the newly created home folder.
mkdir /usr/home/restricted/testuser/bin
then copy /rescue/sh to the bin dir
cp /rescue/sh /usr/home/restricted/testuser/bin
I then do a
chmod -R 755 /usr/home/restricted/testuser
to be sure folder permissions are OK.
This works great under FreeBSD 8.
If I try this on my FreeBSD 10 machine it does work partially.
If I log in on my FreeBSD 10 machine I see the following
Code:
login as: testuser
Using keyboard-interactive authentication.
Password for testuser@backup01.mydomain.lan:
Last login: Wed Apr 15 20:29:06 2015 from myprovider.nl
Could not chdir to home directory /usr/home/restricted/testuser: No such file or directory
Cannot read termcap database;
using dumb terminal settings.
$
So I do get the shell and the user is restricted. But I cannot get rid of the error!
The error that is not on my FreeBSD 8 machine.
Is there something I miss?
Regards.
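An added example, not part of the original post: a small sh audit for a chroot layout like the one described above. It assumes the rule documented in sshd_config(5) that every component of the ChrootDirectory path must be root-owned and not writable by group or other, and that sshd changes to the passwd home directory after the chroot; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an sshd ChrootDirectory tree (function names are hypothetical).

# dir_ok DIR UID: true if DIR is a real directory (not a symlink) owned by
# numeric UID and not writable by group or other.
dir_ok() {
    [ -d "$1" ] || return 1
    [ -L "$1" ] && return 1
    line=$(ls -ldn "$1") || return 1
    perms=$(printf '%s\n' "$line" | awk '{print $1}')
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    [ "$owner" = "$2" ] || return 1
    case "$perms" in
        d????w*|d???????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# first_bad PATH UID: print the first component of PATH that fails dir_ok;
# print nothing when every component passes.
first_bad() {
    case "$1" in
        /*) cur=; dir_ok / "$2" || { echo /; return; } ;;
        *)  cur=. ;;
    esac
    rest=${1#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case "$rest" in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur=$cur/$part
        dir_ok "$cur" "$2" || { echo "$cur"; return; }
    done
}

# home_in_chroot CHROOT HOME: true if the passwd home path exists when it is
# resolved relative to the chroot, which is where sshd will chdir to.
home_in_chroot() {
    [ -d "$1/${2#/}" ]
}

# Usage: sh audit.sh CHROOT HOME   (CHROOT is ChrootDirectory with %u expanded)
if [ "$#" -eq 2 ]; then
    bad=$(first_bad "$1" 0)
    [ -z "$bad" ] || echo "not root-owned, or group/other-writable: $bad"
    home_in_chroot "$1" "$2" || echo "home $2 does not exist inside $1"
fi
```

For the setup in the post, both arguments would be /usr/home/restricted/testuser.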