Help! Need to stop SSH users snooping around

feenster99 · 24 May 2007 at 12:50

Hi all,
I've got a server that is receiving data from various users outside my network via SSH (using Rsync). Each user is setup on my server, with their shell pointing to /bin/bash. They are authenticated against the server via a public key when the data is sent. They can also login via FTP to view their data with their username and password.

To be extra safe, I want to ensure that a user couldn't log in with SSH and look at the other folders/users on the server. If they could be locked into their home directory, that would be ideal. If not, is there another obvious way to handle this so User-A can't even see User-B's files?

Cheers,
Matt

saffyre · 24 May 2007 at 13:34

Folder permissions. Just change the permissions of the other users directories so that the other users dont even have read permissions. Chmod 755 or somthing like that.

FirebarUK · 24 May 2007 at 13:35

Afaik chrooting SSH would do this, you could ensure that they only have access to the /home dir. Not sure how you could lock them down into /home/bob other than perhaps remove 'others' (and more than likely 'group') read permissions.

feenster99 · 24 May 2007 at 15:03

Hi Chaps,
I could do the permissions thing to only allow user and group access (I guess I Umask any files through SSH?), but users would still be able snoop around see what folders are on there couldn't they? My folder structure is a bit like this:

Code:

/Users
        /UserA
                 /Data
        /UserB
                 /Data

....etc. So would appropriate permissions stop them even seeing that a /Users/UserB folder existing by doing an ls -l? Each user has their own group by the way, the same as their username.

I have FTP chroot'ed nicely - I understand why it's not quite as easy to achieve with SSH, but surely, i'm not asking for anything unusual am I?

Matt

whitecrook · 24 May 2007 at 18:42

google chroot ssh

feenster99 · 24 May 2007 at 19:47

I've spent a couple of hours Googling today, and can't find a definitive answer. There seems to be numerous ways to do it, but they all look fairly complex. I was rather hoping for something I could install through apt-get, and then just tweak a config file - i'm still fairly new to Linux, so it's proving a bit tricky for me to workout a way through it.

Matt

FirebarUK · 24 May 2007 at 19:56

no repo with it in? I know you can get hold of some chrooted services through apt-get (such as bind and apache).

feenster99 · 24 May 2007 at 21:50

I couldn't find anything today when i looked through. The closest thing i can find is Jailkit. There's a tutorial for it here:
http://ubuntuforums.org/showthread.php?t=248724

It looks fairly easy to setup - still not brilliant, but the best i've come across thus far.

Matt

Hate · 25 May 2007 at 00:07

im afraid the simple way is to change permissions on the directory, this means the person can see them - but shoud they try and cd into it then they'll get a permission denied.

feenster99 · 25 May 2007 at 07:59

Hi,
I will change the permissions then, sounds like a good start.

However, the more I read and think about, the more I see my situation is different, and that I may not even need to allow people SSH access at all. The only reason they have SSH access at the moment, is to send data via Rsync through the Internet (using the --rsh="ssh -p xx" command. I wonder if I could achieve the same thing by setting up the Rsync daemon to receive data? Does that sound like a better solution? I could then give my users a null shell so they couldn't login.

Matt

MikeTimbers · 26 May 2007 at 11:29

Set their shell to /bin/false. They would then be able to send the data but not login.

feenster99 · 28 May 2007 at 16:35

MikeTimbers said:
Set their shell to /bin/false. They would then be able to send the data but not login.

Ah i seem to remember trying that originally, but came across problems sending data or viewing FTP. Perhaps I set it to /dev/null instead, can't remember.

I'll try it out this week and post back

Matt

GarethDW · 29 May 2007 at 00:43

Hate said:
im afraid the simple way is to change permissions on the directory, this means the person can see them - but shoud they try and cd into it then they'll get a permission denied.

This is what I was thinking... or do you want to prevent User A from even knowing that User B exists, as opposed to just having them not knowing what User B's directory contains?

FirebarUK · 30 May 2007 at 12:41

You could use SELinux or AppArmor (would involve changing to SuSE atm).

I've just set up an ssh profile for AppArmor so that users accessing through it cannot access certain directories.

Just another tool to add to your book of possible ideas

feenster99 · 31 May 2007 at 21:04

Hi Firebar,
Thanks for your info. I'm using Ubuntu at the moment, and am quite happy with it. I'll look into Suse and AppArmor though

Matt