Hello
Je veux chrooter sshd, chose faite avec le makejail. le problème est que je ne parvient pas a me loguer en local user@127.0.0.1 le problème semble venir du faite qu’il lui faut les utilisateur donc de pouvoir placer les commande qui vont bien pour le faire.
a savoir adduser ,passwd, deluser. du moin pour avoir un fichier /etc/passwd pour les nouveau utilisateur.
J’ai donc tenter d’ajouter adduser mai :
adduser teste
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "fr_CH.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
Can't locate warnings.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl .) at /usr/sbin/adduser line 33.
BEGIN failed--compilation aborted at /usr/sbin/adduser line 33.Donc je ne sai pas si je doit me tourner du coter de debootstrap qui a mon avis posera le même problème.
Le problème c’est que l’outil ldd ne marche pas pour tracer les dépendance (pas dans le chroot, mai sur l’hote) apparemment et lier aux problème des locale est lier aussi aux dépendance.
bref c’est un peux le merd*** :
voici le makejail.conf:
# Makejail configuration file for sshd
#
# Created by Javier Fernandez-sanguino Peña <jfs@computer.org>
# Thu, 29 Aug 2002 23:44:51 +0200
#/usr/sbin/adduser /usr/bin/passwd /bin/ls
#/etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl
chroot="/var/chroot/sshd"
forceCopy=["/etc/ssh/ssh_host*","/etc/ssh/sshd*","/etc/ssh/moduli",
"/etc/perl","/usr/local/lib/perl/5.8.8 ","/usr/local/share/perl/5.8.8",
"/usr/lib/perl5","/usr/share/perl5","/usr/lib/perl/5.8","/usr/share/perl/5.8",
"/usr/local/lib/site_perl",
"/etc/pam.conf","/etc/security/*","/etc/pam.d/ssh","/etc/pam.d/other",
"/etc/hosts","/etc/nsswitch.conf",
"/var/run/sshd","/lib/security/*","/usr/sbin/adduser","/usr/bin/passwd",
"/etc/shells", "/etc/nologin","/etc/environment","/etc/motd",
"/etc/shadow","/etc/hosts*","/bin/ls",
"/bin/*sh", "/lib/libnss*", "/dev/urandom",
"/dev/pt*","/dev/ttyp[0-9]*"]
# Remove this if you want to make configuration changes *outside* of the
# chroot environment
# preserve=["/etc/","/home/","/dev/"]
# otherwise just do this:
preserve=["/dev/","/home"]
# Besides the sshd user (needed after 3.4p1) any user which is going to
# be granted access to the ssh daemon should be added to 'users' and
# 'groups'.
userFiles=["/etc/passwd","/etc/shadow"]
groupFiles=["/etc/group","/etc/gshadow"]
users=["sshd"]
groups=["sshd"]
testCommandsInsideJail=["start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd"]
testCommandsOutsideJail=["ssh localhost"]
processNames=["sshd"]
# Changes to do to jail sshd:
# 1.- start makejail with this configuration file
# it might not be able to start the daemon since the daemon tries to
# access /dev/log (handled by syslogd)
#
# 2.- In init.d's startup script (/etc/init.d/sshd):
# replace "start-stop-daemon ..." with "chroot /var/chroot/sshd start-stop-daemon ..."
#
# 3.- configure syslog to also listen to the socket /var/chroot/sshd/dev/log,
# restart sysklogd.
# (for Debian) This can be done by changing the SYSLOGD option in
# /etc/init.d/syslogd to
# SYSLOGD="-p /dev/log -p /var/chroot/sshd/dev/log"
#
# 4.- Create the user directories under /home and copy their files there
#
# 5.- Users will not be able to do a single thing in the restricted environment
# besides running their shell. You will have to add some utilities
# to the chrooted environement. Try adding this to the configuration
# packages=["fileutils"]
# You can add any other Debian packages you want users to have access
# to.
#
# WARNING: this configuration file has only been slightly tested.
# It has not been thoroughly tested yet.
il s’agit donc en prime d’avoir un chroot de sshd, avec des utilisateur qui ne puisse pas ce balader sur le système,et ce voire les un des autres.
Merci d’avance.