Untitled

addgroup echoonly
CHROOT=/var/chroot/echo
mkdir -p "$CHROOT"
chown root:root /var/chroot "$CHROOT"
# dependig on distro it might be /usr/bin/cat -> check with `which echo`
useradd -d "$CHROOT" -s /bin/cat -M -N -g echoonly echo
passwd -d echo # make account passwordless
# Let's make chroot
mkdir -p "$CHROOT"/var/chroot/echo
mkdir -p "$CHROOT"/bin
cp /bin/cat "$CHROOT"/bin/echo
mkdir "$CHROOT"/dev/pts
echo '/dev/pts "$CHROOT"/dev/pts none defaults,bind 0 0' >> /etc/fstab
mount "$CHROOT"/dev/pts

$ $EDITOR /etc/ssh/sshd_config # add:
# based on https://goo.gl/TjhrWd
Match user echo
       ChrootDirectory /var/chroot/cat
       X11Forwarding no
       AllowTcpForwarding no
       ForceCommand /bin/echo
       PasswordAuthentication yes
       PermitEmptyPasswords yes

ssh echo@1.2.3.4
echo@1.2.3.4's password:
Permission denied, please try again.

/usr/sbin/sshd -ddd -p 1234
(...)
debug1: userauth-request for user echo service ssh-connection method password [preauth]
debug1: attempt 2 failures 1 [preauth]
debug2: input_userauth_request: try method password [preauth]
debug3: mm_auth_password entering [preauth]
debug3: mm_request_send entering: type 12 [preauth]
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD [preauth]
debug3: mm_request_receive_expect entering: type 13 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 12
debug3: PAM: sshpam_passwd_conv called with 1 messages
debug1: PAM: password authentication failed for echo: Authentication failure
debug3: mm_answer_authpassword: sending result 0
debug3: mm_request_send entering: type 13
Failed password for echo from 192.168.1.1 port 43816 ssh2
debug3: mm_auth_password: user not authenticated [preauth]
debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]

sudo sed -i 's/nullok_secure/nullok/' /etc/pam.d/common-auth