70 أسطر
2.0 KiB
Bash
70 أسطر
2.0 KiB
Bash
#!/bin/bash
|
|
|
|
# Check if running as root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Please run as root or use sudo."
|
|
exit 1
|
|
fi
|
|
|
|
# Configuration
|
|
USERNAME="tecmint1" # Replace with your username
|
|
PASSWORD="secure123" # Replace with your password
|
|
JAIL_PATH="/var/lib/" # Replace with your desired jail path
|
|
|
|
# Step 1: Create SSH Chroot Jail at your specified path
|
|
mkdir -p $JAIL_PATH
|
|
cd $JAIL_PATH
|
|
|
|
# Create dev directory and required device files
|
|
mkdir -p dev
|
|
cd dev
|
|
mknod -m 666 null c 1 3
|
|
mknod -m 666 tty c 5 0
|
|
mknod -m 666 zero c 1 5
|
|
mknod -m 666 random c 1 8
|
|
cd ..
|
|
|
|
# Set ownership and permissions for the jail
|
|
chown root:root $JAIL_PATH
|
|
chmod 0755 $JAIL_PATH
|
|
|
|
# Step 2: Setup Interactive Shell
|
|
mkdir -p bin
|
|
cp -v /bin/bash bin/
|
|
|
|
# Copy required shared libraries
|
|
mkdir -p lib64
|
|
cp -v /lib64/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} lib64/
|
|
|
|
# Step 3: Create and Configure SSH User
|
|
useradd $USERNAME
|
|
echo "$USERNAME:$PASSWORD" | chpasswd
|
|
|
|
# Create etc directory and copy passwd and group files
|
|
mkdir -p etc
|
|
cp -vf /etc/{passwd,group} etc/
|
|
|
|
# Modify the user's home directory in the chrooted passwd file
|
|
sed -i "s|^$USERNAME:.*|$USERNAME:x:$(id -u $USERNAME):$(id -g $USERNAME)::/:/bin/bash|" $JAIL_PATH/etc/passwd
|
|
|
|
# Step 4: Configure SSH to Use Chroot Jail
|
|
echo "
|
|
Match User $USERNAME
|
|
ChrootDirectory $JAIL_PATH
|
|
ForceCommand internal-sftp" >> /etc/ssh/sshd_config
|
|
|
|
# Restart SSH service
|
|
systemctl restart sshd
|
|
|
|
# Step 5: Set the desired directory as the working directory (no home directory needed)
|
|
# The user will be placed directly in /var/k3s/storage/mypvc when they connect
|
|
|
|
# Step 6: Add Basic Commands (Optional - for debugging)
|
|
cp -v /bin/{ls,date,mkdir} $JAIL_PATH/bin/
|
|
# Copy required libraries for these commands
|
|
cp -v /lib64/{libselinux.so.1,libcap.so.2,libacl.so.1,libc.so.6,libpcre.so.1,libdl.so.2,ld-linux-x86-64.so.2,libattr.so.1,libpthread.so.0} $JAIL_PATH/lib64/
|
|
|
|
chmod -R a+rX $JAIL_PATH
|
|
|
|
echo "Chroot jail setup completed for user $USERNAME at $JAIL_PATH"
|
|
echo "User will be placed directly in $JAIL_PATH when connecting via SFTP" |