Chrooted SSH Shell - Who Logged In?
Results 1 to 5 of 5

Thread: Chrooted SSH Shell - Who Logged In?

  1. #1
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130

    Chrooted SSH Shell - Who Logged In?

    OK well here's my question of the week...

    I have recently brought a public webserver online, which includes ssh acess to itself to allow users to manage thier webspace.

    Here's the rub: all the servies on this box are chrooted, including the ssh server they are logging in to, and the apache server thier pages are served up from. The /home direcory is mounted in multiple location to allow this.

    So, when I have users logged in to my chrooted ssh server, the "w" ,"who" amd whatnot commands show only people logged in locally, or people logged in to the main box via an ssh connection on another port which is not chrooted.

    I need a way to quickly tell who is logged in via a chrooted ssh shell, such as the output given with the "who" command"...

    Any ideas?
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Posts
    394
    May be use some user logon script that can get user name and send it to someone?
    // too far away outside of limit

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    If they are chroot, won't they also have their own /var ? If so you could use last with a -f and point it to their /var/log/wtmp file ?
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    where I have sort of the same setup I mounted /proc and /dev/pts twice. Once in the real root, and another time in the chroot. That should make your w and who and ps commands work.

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Nebulus, Heretic, those were exactly the answers I was looking for.

    last -f <filename> will tell me who is logged, and can be run from outside the jail without the need to mount /dev/pts and /proc twice.

    With /dev/pts and /proc mounted within the jail, the w, who, whoami and whatnot commands all work. Additionally, the write and talk programs are working now too, however they cannot communicate outside the jail, but that is the whole point, after all.

    I would like to avoid mounting /dev/pts and /proc inside the jail. Well, actually I need /dev/pts for ssh logins to work, but /proc is not needed to connect to it. It gives out a whole crapload of info about my system, which rather defeats the point of having a jail.

    What about making a "proc" goup, setting all of /proc to be owned by that group, and then setting the w, who, write and whatever commands that need /proc to also be in that group, and then setting those commands sgid? That way users would not be able to peek inside /proc except through the use of an authorized program. I think that would work, but can anyone think of any security implications for it?
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •