First off, the home directories in /etc/passwd should reflect the un-chrooted paths, or you'll run into problems in general. In this case, sshd checks for authorized keys before it chroots, so it needs to find them using an un-chrooted path. That's why your first try doesn't work.
Second thing to note: under your first setup, when david logs in he starts in /var/chroot-home/david, but he is actually chrooted to /var/chroot-home, meaning if he types cd .. he can see all of the other home dirs (although not their contents, if permissions are correct). This might or might not be a problem for you, but it's a good thing to be aware of.
If the above is fine with you, you can use your first sshd_config, set david's home dir to /var/chroot-home/david in the passwd file, and add the following symlink so that david still starts in his home directory:
cd /var/chroot-home
mkdir var
ln -s .. var/chroot-home
That symbolic link will make sure that you can reach a home directory using the same path whether or not you are in the chroot.
However, if you don't want the clients to see the names of each other's home directories, you need to chroot into the home directory itself, as in your second solution. But as you've seen, sshd doesn't like that (because for various subtle reasons, it's dangerous to give a user write access to the root of a filesystem). Sadly, you're mostly out of luck here. One (kludgy) solution to this is to create a files/ subdirectory in each home directory and give the client write access to that instead.
Another option might be to chroot to /var/chroot-home anyway, and name the home directories differently, e.g. using the user ID number instead of the name.
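As an added illustration (not code from the answer above), the script below builds the layout that answer describes under any root you choose: the chroot at $root, david's home at $root/david, the var/chroot-home -> .. symlink so the passwd home path resolves both inside and outside the chroot, and a files/ subdirectory that is the only thing david may write to. It also re-implements the check sshd applies before honouring ChrootDirectory (every path component owned by root and neither group- nor world-writable), so you can see why a writable chroot root, or a chroot placed under /tmp, is rejected. The group name sftponly, 0:0 ownership and the 0755/0700 modes are my assumptions, not something the original post states.

```shell
#!/bin/sh
# Added example, not from the original answer. Builds the chroot layout the
# answer describes and checks it the way sshd does. Assumptions: a group named
# "sftponly", root ownership expressed as uid:gid 0:0, modes 0755 and 0700.

# Owner uid and permission bits of a path: GNU stat first, BSD stat as fallback.
stat_uid_mode() {
    stat -c '%u %a' "$1" 2>/dev/null || stat -f '%u %Lp' "$1"
}

# sshd's rule for one ChrootDirectory component. Args: uid, octal mode (e.g. 0 755).
# Prints the reason and returns 1 when sshd would reject the component.
component_problem() {
    uid=$1; mode=$2
    if [ "$uid" -ne 0 ]; then
        echo "not owned by root (uid $uid)"; return 1
    fi
    # 022 = group-write and other-write bits; the leading 0 makes $mode octal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "group or world writable (mode $mode)"; return 1
    fi
    return 0
}

# Check one real path on disk with the rule above.
check_component() {
    path=$1
    uidmode=$(stat_uid_mode "$path") || return 1
    problem=$(component_problem $uidmode) && return 0   # unquoted: splits into uid, mode
    echo "$path: $problem"
    return 1
}

# Walk from / down to $1 and check every component, as sshd does for ChrootDirectory.
chroot_path_ok() {
    target=$(cd "$1" && pwd -P) || return 1
    rc=0
    check_component / || rc=1
    oldifs=$IFS; IFS=/; set -- $target; IFS=$oldifs
    prefix=""
    for seg in "$@"; do
        [ -n "$seg" ] || continue
        prefix="$prefix/$seg"
        check_component "$prefix" || rc=1
    done
    return $rc
}

# Create $root, $root/$user, $root/$user/files and the var/chroot-home -> .. symlink.
make_layout() {
    root=$1; user=$2
    mkdir -p "$root/$user/files" "$root/var"
    # Chroot root and the per-user directory stay root-owned and 0755: sshd
    # accepts them, and other users can see the names but not the contents.
    chmod 755 "$root" "$root/$user" "$root/var"
    # files/ is the one directory the user owns and may write to (the answer's kludge).
    chmod 700 "$root/$user/files"
    # $root/var/chroot-home -> .. makes /var/chroot-home/$user resolve inside the chroot too.
    [ -e "$root/var/chroot-home" ] || ln -s .. "$root/var/chroot-home"
    # Ownership can only be set when running as root and the account exists.
    if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
        chown 0:0 "$root" "$root/$user" "$root/var"
        chown "$user" "$root/$user/files"
    fi
}

# sshd_config Match block for the group-based setup (group name is an assumption).
sshd_fragment() {
    printf '%s\n' \
        "Match Group sftponly" \
        "    ChrootDirectory $1" \
        "    ForceCommand internal-sftp" \
        "    AllowTcpForwarding no" \
        "    X11Forwarding no"
}

# Stand-alone use (as root): sh chroot-sftp.sh /var/chroot-home david
if [ $# -eq 2 ]; then
    make_layout "$1" "$2"
    sshd_fragment "$1"
    if chroot_path_ok "$1"; then echo "$1: acceptable to sshd as ChrootDirectory"; fi
fi
```

Run it as root with the chroot root and user name as arguments; the Match block it prints goes at the end of sshd_config (Match blocks must come last), and the user's passwd home stays /var/chroot-home/david so that the same path works in both worlds. If chroot_path_ok complains about a component such as /tmp, that is the same condition that makes sshd log "bad ownership or modes for chroot directory component".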
You are confusing OpenSSH server with OpenSSH client.
After I upgraded OpenSSH to the latest version, OpenSSH_5.9p1, I tried to change the ssh_config, tried to enable chrooted access and restarted ssh with #/etc/init.d/sshd restart. But it gives an error specific to the old version: OpenSSH_4.5p1.
ssh_config is the configuration file for the client.
/etc/init.d/sshd still uses the old version, /usr/sbin/sshd. Looks like the new version has been installed in /usr/local/bin/ssh.
In /etc/init.d/sshd I tried changing SSHD from /usr/sbin/sshd to /usr/local/bin/ssh. But then I could not restart ssh due to this error:
/usr/sbin/sshd is the OpenSSH (server) daemon while /usr/local/bin/ssh is the OpenSSH client.
The result of rpm -qa | grep ssh is empty.
It means that you removed all the OpenSSH binary packages. If you want to compile the new version from source, make sure that you install the OpenSSH server and edit your init script to point the daemon to the new location (/usr/local/sbin/sshd).
Best Answer
Instead of running /etc/init.d/ssh restart, use service ssh restart. On Ubuntu 14.04.2 the config changes will not occur when calling the init script directly. It's quite likely that Debian is the same here.