
Using OpenSSH, you can bind SSH, SFTP, SCP or rsync users to their home directory and restrict them from accessing other directories on the SSH server. This article demonstrates how to configure rsync in an SSH chroot jail environment.
Topic
- How to configure chroot rsync?
- How to configure chroot rsync on CentOS 7?
- How to configure chroot rsync on RHEL 7?
- How to get chroot rsync working in chroot ssh sandbox environment?
- Rsync on ssh chroot jail
- Chroot rsync over ssh
Solution
Setting up a secure or chroot ssh and rsync environment requires a sandbox environment which has its own libraries and binaries. In this article, we'll bind all ssh and rsync users who are part of the chrootssh group into the /data/chroot-ssh directory. This article has been tested on CentOS 7 and RHEL 7. You can refer to the steps given in this article to configure chroot ssh and rsync on other Linux distributions.
- In order to set up rsync in an ssh chroot jail, first configure the chroot ssh environment with the help of the following article: Chroot SSH Configuration on Linux|RHEL|CentOS
- After the chroot ssh environment setup is completed, execute the following set of commands to get the rsync command working in the chroot ssh sandbox environment.
- Remove all contents from the /data/chroot-ssh/lib64 directory. Run this only while nothing is mounted there: once /lib64 is bind-mounted at this path, the same command would delete the host's libraries.
rm -rf /data/chroot-ssh/lib64/*
- Mount the /lib64 directory at the /data/chroot-ssh/lib64 directory with the mount bind option.
mount --bind /lib64 /data/chroot-ssh/lib64
# To make the above mount permanent, add the following configuration to the /etc/fstab file.
/lib64 /data/chroot-ssh/lib64 - defaults,bind 0 0
- Copy the rsync binary to the /data/chroot-ssh/bin/ directory.
cp -p /usr/bin/rsync /data/chroot-ssh/bin/
- Create a passwd and a group file in the /data/chroot-ssh/etc directory, and then copy the specific ssh user and group information into them.
# sample chroot ssh user is testssh and group is chrootssh
cd /data/chroot-ssh/etc
grep chrootssh /etc/group >> group
grep testssh /etc/passwd >> passwd
- Now restart the sshd service and start the rsync file transfer.
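The binary and account-file steps above can be checked before users are let in. The script below is an added example, not part of the original article; the function names audit_jail and entry_for and the optional host etc directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the files the article places inside the chroot jail.
# Usage: audit_jail /data/chroot-ssh testssh chrootssh

# Print lines of a passwd/group style file whose first field is exactly $2.
entry_for() {       # $1 = file, $2 = name
    awk -F: -v n="$2" '$1 == n' "$1"
}

# Return 0 when the jail passes, 1 otherwise; findings go to stderr.
audit_jail() {      # $1 = jail root, $2 = user, $3 = group, $4 = host etc dir
    jail=$1 user=$2 group=$3 hostetc=${4:-/etc} rc=0

    [ -x "$jail/bin/rsync" ] || { echo "not executable: $jail/bin/rsync" >&2; rc=1; }

    for pair in "passwd:$user" "group:$group"; do
        db=${pair%%:*} name=${pair#*:}
        file=$jail/etc/$db
        if [ ! -f "$file" ]; then
            echo "missing: $file" >&2; rc=1; continue
        fi
        # The jail entry must exist and match the host's, so UID/GID stay in sync.
        mine=$(entry_for "$file" "$name")
        if [ -z "$mine" ] || [ "$mine" != "$(entry_for "$hostetc/$db" "$name")" ]; then
            echo "$file: entry for $name missing or differs from $hostetc/$db" >&2; rc=1
        fi
        # Anything else is surplus, e.g. testssh2 pulled in by an unanchored grep.
        for extra in $(awk -F: -v n="$name" '$1 != "" && $1 != n { print $1 }' "$file"); do
            echo "$file: unexpected entry '$extra'" >&2; rc=1
        done
    done
    return "$rc"
}
```

A non-zero return after running the grep commands above usually means the pattern matched more than one account; trim the jail's passwd or group file to the single expected line.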
Testing
Execute the following command for ssh login and rsync file transfer testing.
# Rsync file transfer
$ rsync -avz file1.txt testssh@192.168.1.1:~/
testssh@192.168.1.1's password:
sending incremental file list
connect
sent 99 bytes received 35 bytes 24.36 bytes/sec
total size is 0 speedup is 0.00
# SSH Login
$ ssh testssh@192.168.1.1
testssh@192.168.1.1's password:
-bash-4.2$ pwd
/home/testssh
-bash-4.2$ ls
file1.txt