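For the past few days I have been trying to set up a chroot on an Ubuntu server, but I have run into a problem. I have tried several ways of setting up a chroot on Ubuntu, including manually setting the folder permissions myself and then statically linking the libraries of the binaries I want to allow, but at the moment I am using Jailkit to set up the chroot environment. With both setups I have the same problem: once the chroot is built, when I try to log in over SSH I am immediately greeted with a forced closure of the terminal. When I ran sshd in debug mode, I found that this is because sshd for some reason cannot find /dev/pts, even though it is in the chroot environment.
Here is my setup, which was populated by Jailkit except for /dev/pts, which uses a mount: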
sudo mount -o bind /dev/pts /data/jail/dev/pts

/data/jail/home/user
/data/jail/dev
/data/jail/dev/pts
/data/jail/dev/tty
Here is the result of the sshd debugging:
debug3: safely_chroot: checking '/'
debug3: safely_chroot: checking '/data/'
debug3: safely_chroot: checking '/data/jail/'
debug3: safely_chroot: checking '/data/jail/home/'
debug3: safely_chroot: checking '/data/jail/home/user'
Changed root directory to "/data/jail/home/user"
debug1: permanently_set_uid: 1002/1003
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug2: fd 6 setting O_NONBLOCK
debug2: fd 8 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug3: Received SSH2_MSG_IGNORE
debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug3: mm_request_send entering: type 28
debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
debug3: mm_request_receive_expect entering: type 29
debug3: mm_request_receive entering
debug3: mm_request_receive entering
debug3: monitor_read: checking request 28
debug3: mm_answer_pty entering
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
debug1: SELinux support disabled
debug3: mm_request_send entering: type 29
debug3: mm_answer_pty: tty /dev/pts/8 ptyfd 5
debug1: session_pty_req: session 0 alloc /dev/pts/8
debug1: server_input_channel_req: channel 0 request shell reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
Starting session: shell on pts/8 for user from *.*.*.* port 54006
debug2: fd 3 setting TCP_NODELAY
debug3: packet_set_tos: set IP_TOS 0x10
debug2: channel 0: rfd 11 isatty
debug2: fd 11 setting O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: Setting controlling tty using TIOCSCTTY.
/dev/pts/8: No such file or directory
open /dev/tty failed - could not set controlling tty: No such file or directory
debug3: mm_request_receive entering
debug3: monitor_read: checking request 156
debug3: mm_answer_consolekit_register entering
debug1: session_by_tty: session 0 tty /dev/pts/8
debug1: Unable to open session: The name org.freedesktop.ConsoleKit was not provided by any .service files
As far as I can tell, ChrootDirectory is not set correctly.
It should be set to:
ChrootDirectory /data/jail
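
A check for the mismatch discussed above, as an added example that is not part of the original question or answer: it reads the chroot directory and the allocated pty from an sshd debug log in the format shown in the question, then tests whether the pty's directory exists below that chroot. The function names are hypothetical, and the demo tree and log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): explain a
# "could not set controlling tty" failure from an sshd debug log.

# Print the directory sshd chrooted into, taken from the
# 'Changed root directory to "..."' line.
chroot_from_log() {
    sed -n 's|^Changed root directory to "\(.*\)"$|\1|p' "$1" | tail -n 1
}

# Print the pty path sshd reports allocating (e.g. /dev/pts/8).
tty_from_log() {
    sed -n 's|^debug1: session_pty_req: session [0-9]* alloc \(/dev/[^ ]*\)$|\1|p' "$1" | tail -n 1
}

# Return 0 if the pty's directory exists below the chroot, 1 if it does
# not, 2 if the log lacks either line. Only the directory is tested.
pts_visible_in_chroot() {
    log=$1
    root=$(chroot_from_log "$log")
    tty=$(tty_from_log "$log")
    [ -n "$root" ] && [ -n "$tty" ] || { echo "log lacks chroot or pty line" >&2; return 2; }
    ptsdir=$(dirname "$tty")
    if [ -d "$root$ptsdir" ]; then
        echo "ok: $ptsdir present under $root"
    else
        echo "missing: $root$ptsdir (pty $tty unreachable after chroot)"
        return 1
    fi
}

# Constructed demo: the jail layout from the question rebuilt under a
# temp dir, checked once per candidate ChrootDirectory value.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/data/jail/dev/pts" "$t/data/jail/home/user"
    for root in "$t/data/jail/home/user" "$t/data/jail"; do
        printf '%s\n' "Changed root directory to \"$root\"" \
            "debug1: session_pty_req: session 0 alloc /dev/pts/8" > "$t/log"
        pts_visible_in_chroot "$t/log"
    done
    rm -rf "$t"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run with the argument `demo`, the first candidate reports `missing` and the second reports `ok`, which matches the answer's point that the bind mount sits under /data/jail rather than under /data/jail/home/user.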