Daniel Lange's blog | Entries tagged as chroot

Skip to content

Entries tagged as chroot

Related tags

amd64 bug gentoo pam sshd updated addon apache apple baselayout bonjour bulletproof charset chrome chromebook chromeos config connection debian dolphin dovecot drop eth fail firefox freedesktop gnome html init.d itunes javascript kde linux mime mimetypes mozilla nautilus network plugin rawtherapee segfault serendipity standard terminal thunar thunderbird time ubuntu umlauts underflow underscore unstable url wifi windows wlan xfce zeroconf archlinux boot distribution driver exherbo flash freenx hallib iso keyboard keymap matrox mga nx sysconfig xinerama alpine fedora hang random security ssh account active address ai analysis annoying api atom automate backup badchoices bash bind bios bookmarks canonical channel consent convert cookies cron crypt deadline dell design diff dogfood dtp email extended firmware freenode fsf fundraiser game git github gmail gnu google gpg gpp greasemonkey grep grub hacking hibernate highavailability htpdate httpdate ip iphone irc jessie ld_preload limesurvey llm mac macos monopoly mp3 mp4 multi-homed nasa netatalk nextcloud nick ntp opensource openssl operations passwords patch philosophy policy politics popup privacy production rdate regulation report results ringtone rss scms screensaver script shell snapcraft sni ssl strategy stretch stunnel suspend systemd target thunderbolt timemachine uefi update user video virtualhost viruses vista web wheezy wikimedia wikipedia xing xp xps13 youtube

SSHd chroot and PAM

Posted by Daniel Lange on Sunday, 18. November 2007

Gentoo

SSH with chroot patch has been working fine for a number of years. Since PAM v0.99 things have broken though, if users are chrooted with the "/home/username/./" syntax as their homedir.

SSH sessions will just terminate immediately after successful logon. Doh.

Two solutions exist:

Put UsePAM no into /etc/ssh/sshd_config and use the chroot patch and /./ in users homedirs
Keep UsePAM yes. Emerge sys-auth/pam_chroot and add session required pam_chroot.so to /etc/pamd.d/sshd setup /etc/security/chroot.conf or add a chroot_dir=/home/username/ to the pam_chroot.so line.
This will currently not work for amd64 though as the Gentoo bug regarding pam_chroot has not cought any attention from the arch testers. Since July...

Bugging the arch testers in #Gentoo-amd64 didn't help either:

Continue reading "SSHd chroot and PAM"