chroot user

[seVes]

Hi guys and girls,

i know - this question be asked for several times in the past, but i am honest to you:
i really dont find any useful howto, to realize what i want.

i tried lots of examples and finally i throw all of them into the trash, drunk a beer and cool down.

i (oh my god, the 4th "i"-starting...) have a dedicated server which hosts gameservers for a community.
the community has approx 4000 members, 100 admins, 10 server-operators (these should start,stop,restart a gameserver).

because the old provider/hoster gets hacked (or whatever, we lost everything), i decided to make my own server - with much more security features.
starting with iptables, ending with sftp-access over pubkey, root denied, ...

ok, so any server-operator (same group) must be able to connect via ssh (pubkey too.) to the dedicated server, but in chroot.
they should only launch one script (bash), can't surf the server, upload, download - whatever.

only connect, execute a bash-script and thats all..
(no ls, no cd, no pwd, no -whatever-, ...)

can someone of you and i know it would get on nerves describe me how to do? step for step?

you're so welcome for that!
ty anyway!
_________________
Alex / seVes

[szatox]

Well, I don't know what exacly your goal is, but you might be interested in giving virtual private servers to your users, so they would be able to login with ssh only to virtual servers and NOT to phisical host. You might also want to look at this tiny snippet cut from /etc/ssh/sshd.conf

[gerdesj]

Break the problem down into pieces.

You have a lot of requirements and a large number of users. Separate boxes are probably needed for a job this size. They could be separate VMs on one physical box. If you can then a VMWare ESXi or HyperV or Xen or a Gentoo minimal host with libvirtd and KVM. Ideally you would have multiple physical hosts in a cluster.

You will probably need a firewall, a user directory, game servers and session servers.

If I was doing this then I would use pfSense for the firewall and router, with several VLANs - one for management, one for game servers, one for login session servers, one for WAN.

I would probably use OpenLDAP for users. I would have a login/session machine. Finally I would have my game servers machine. I might have another machine for oversight/monitoring.

Each machine would have just what is necessary for the job they have to do and they would be firewalled off from each other in such a way that minimal access is allowed between each one. I would probably have multiple backend systems in a cluster and use pfSense to load balance them so I can update them one at a time without killing the service.

Now it becomes easier to secure and set things up, security and flexibility is built into the design. As you finish a piece it stands alone and you can also update bits at a time without bringing down the entire service.

The session server(s) would have game server control scripts and chrooted user logins validated by the LDAP/AD/NIS directory chosen. Only the session boxes would be available for shell login from the internet on a non standard ssh port with keys and password. You may want to have two or more of these - one for admins, one for operators. Each would be very basic in what it has installed. Enough only for the job it does.

For real fun, you could have freshly minted images of user facing components that are recreated daily, so if someone hacked your session servers their little extras are destroyed at the next refresh.

You would use OpenVPN or an IPSEC tunnel to the firewall to manage this lot and the firewall would only allow connections from your home IP address.

You might use containers instead of full VMs, but we don't have a huge amount to go on in your post Hopefully I've given you some ideas.

Cheers
Jon

[seVes]

okay ty for your replies, but its just what i wrote i want

everything else is just setup.
i dont want openvpn, ldap, vservers, whatever...

i just want to have a shell where users can login, but only can access a script instead of browsing the whole server!

i finally get it worked with the portage-app "app-misc/jail".
i can locally change to the user "srvop" which is jailed, he gets log in and is jailed. works.

but this doesnt work from remote, because:

the main machine is setup to deny password-logins, just accept publickeys... okay...
the problem is, if the user "srvop" wants to login, he gets denied with "Permission denied (publickey)."
thats caused because he logins into the shell "jail", but the shell doesnt recognized his pubkey???

its hard to explain :-/

second:
why users can login with different username without enter passwords while using pubkey?
e.g.

- user1, pw1, home1
- user2, pw2, home1

user1 is able to login with account user2 without enter the password from user2 and see everything where user2 has permissions.
shouldn't be that password-protected? what i am missing in sshd?

i only want to have it that way:
logins via sftp only available via having a pubkey and enter the user-password
logins via ssh only with user "srvop", enter the password, having the pubkey
_________________
Alex / seVes

[Hu]

[gerdesj]