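#!/usr/bin/env bash
#
# Create a chrooted user, scp enabled, on an Amazon Linux AWS instance.
#
# 2017-10-05
#
# Usage (as root):
#   SFTP_USER=abc SFTP_PASSWORD='…' ./create-chroot-user.sh
#
# SFTP_USER defaults to "abc". SFTP_PASSWORD is prompted for when it is not
# set, so the password never has to be written into this file.
#
# Steps:
#   1. create the "sftp" group and the user (both idempotent)
#   2. switch sshd's sftp subsystem to internal-sftp and append a
#      "Match Group sftp" block: chroot to %h, no TCP forwarding, password
#      login for that group only (the global PasswordAuthentication policy of
#      the host is left untouched)
#   3. build a minimal chroot under the user's home: bash, ls, scp,
#      sftp-server, their shared libraries, device nodes, passwd/group
#   4. fix ownership, bind-mount /dev/pts, validate sshd_config with
#      `sshd -t` and only then restart sshd, so the account is not usable
#      before the chroot is complete
#
# NOTE(review): on Amazon Linux, cloud-init may rewrite PasswordAuthentication
# in sshd_config on boot — confirm the Match block survives a reboot.

set -euo pipefail

readonly sshd_config=/etc/ssh/sshd_config
readonly sshd_backup=/etc/ssh/sshd_config.before_chroot

# Set by main(), read by the helpers below.
username=
password=
home=

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Create the sftp group and the user, add the user to the group, set password.
# Globals:   username, password (read)
#######################################
create_user() {
  getent group sftp >/dev/null || groupadd sftp
  if ! getent passwd "$username" >/dev/null; then
    useradd -m -G sftp "$username"
  fi
  usermod -a -G sftp "$username"
  # printf is a builtin, so the password is not visible in `ps` output.
  printf '%s:%s\n' "$username" "$password" | chpasswd
}

#######################################
# Point sshd's sftp subsystem at internal-sftp and append the chroot block.
# The pristine file is kept at $sshd_backup (first run only); the block is
# appended once, and the result is checked with `sshd -t` before it is used.
# Globals:   sshd_config, sshd_backup (read)
#######################################
configure_sshd() {
  [[ -e "$sshd_backup" ]] || cp -p -- "$sshd_config" "$sshd_backup"
  if grep -q '^Match Group sftp' "$sshd_config"; then
    return 0
  fi
  # Comment out every existing sftp Subsystem line (collapsing any run of
  # leading '#' into a single one), then append ours.
  sed -i -e '/Subsystem[[:space:]][[:space:]]*sftp/ s/^#*/#/' -- "$sshd_config"
  # PasswordAuthentication is enabled inside the Match block only, so the
  # rest of the host keeps its existing (typically key-only) policy.
  printf '%s\n' \
    'Subsystem sftp internal-sftp' \
    'Match Group sftp' \
    '    ChrootDirectory %h' \
    '    AllowTcpForwarding no' \
    '    PasswordAuthentication yes' >> "$sshd_config"
  # A Subsystem line appended after an existing Match block is rejected by
  # sshd; catch that here rather than losing remote access on restart.
  if ! /usr/sbin/sshd -t; then
    cp -p -- "$sshd_backup" "$sshd_config"
    die "new $sshd_config rejected by 'sshd -t'; original restored"
  fi
}

#######################################
# Copy the shared libraries of the given binaries into the chroot, keeping
# their absolute paths (cp --parents).
# Arguments: one or more absolute paths to ELF binaries
# Globals:   home (read)
#######################################
copy_libs_of() {
  local bin lib
  for bin in "$@"; do
    # ldd prints "name => /path (addr)" for resolved libraries and
    # "/path (addr)" for the loader itself; keep only absolute paths so the
    # vdso entry is skipped.
    ldd "$bin" \
      | awk '$2 == "=>" && $3 ~ /^\// { print $3 } $1 ~ /^\// { print $1 }' \
      | sort -u \
      | while IFS= read -r lib; do
          cp --parents -- "$lib" "$home"
        done
  done
}

#######################################
# Create a character device node in the chroot's /dev if it is not there yet.
# Arguments: $1 name, $2 type, $3 major, $4 minor
# Globals:   home (read)
#######################################
make_node() {
  [[ -e "$home/dev/$1" ]] || mknod -m 666 "$home/dev/$1" "$2" "$3" "$4"
}

#######################################
# Populate the chroot directory tree under $home.
# Globals:   home, username (read)
#######################################
build_chroot() {
  local lib
  mkdir -p -- "$home"/{bin,dir,etc,dev/pts,lib,lib64,usr/bin,usr/lib64,usr/libexec/openssh}

  # Programs the user may run inside the chroot (scp needs a shell, hence
  # bash). sftp-server is not executed by internal-sftp; it is copied to keep
  # the original layout.
  cp -- /bin/bash /bin/ls "$home/bin/"
  cp -- /usr/bin/scp "$home/usr/bin/"
  cp -- /usr/libexec/openssh/sftp-server "$home/usr/libexec/openssh/"
  copy_libs_of /bin/bash /bin/ls /usr/bin/scp /usr/libexec/openssh/sftp-server

  # Libraries loaded at run time with dlopen() (NSS modules and the ones
  # below) are not listed by ldd, so they are copied explicitly.
  # TODO confirm this list for the AMI in use; a missing one shows up as
  # "cannot open shared object file" inside the chroot.
  cp -- /lib64/ld-linux-x86-64.so.2 "$home/lib64/"
  cp -- /lib64/libnss* "$home/lib64/"
  cp -- /usr/lib64/libnss* "$home/usr/lib64/"
  for lib in /usr/lib64/libnss3.so /usr/lib64/libtic.so.5 /usr/lib64/libssl3.so; do
    if [[ -e "$lib" ]]; then
      cp -- "$lib" "$home/lib64/"
    fi
  done
  # The original additionally ran `ldd` over every file below the current
  # directory. That depends on where the script is started from, and ldd may
  # execute parts of an untrusted file, so it is intentionally left out: the
  # explicit list above covers every binary placed in the chroot.

  # Only the entries the chroot needs; copying the host's whole passwd and
  # group files would hand the host's account list to the sftp user.
  getent passwd root "$username" > "$home/etc/passwd"
  # getent exits 2 when one of the keys does not exist (e.g. no private
  # group for the user); the entries that do exist are still written.
  getent group root sftp "$username" > "$home/etc/group" || true
  cp -r -- /etc/ld.so* "$home/etc/"

  make_node null c 1 3
  make_node tty c 5 0
  make_node zero c 1 5
  make_node random c 1 8
}

#######################################
# Ownership and modes required by sshd's ChrootDirectory: the chroot root must
# be root-owned and not group/other-writable. Binaries and libraries are kept
# root-owned too so the user cannot replace them; "dir" is the user's
# writable area.
# Globals:   home, username (read)
#######################################
set_permissions() {
  # -xdev: never descend into a bind-mounted dev/pts (a plain chown -R would
  # re-own every pseudo-terminal on the host).
  find -- "$home" -xdev -exec chown root:root {} +
  chmod 0755 -- "$home" "$home/bin"
  chown -R -- "$username:$username" "$home/dir"
  # 0644, not 0666: a world-writable .bashrc lets any local user plant
  # commands in this account's shell start-up.
  if [[ -f "$home/.bashrc" ]]; then
    chmod 0644 -- "$home/.bashrc"
  fi
}

#######################################
# Bind-mount /dev/pts into the chroot for interactive logins.
# NOTE: not added to /etc/fstab, so the mount does not survive a reboot.
# Globals:   home (read)
#######################################
mount_pts() {
  mountpoint -q "$home/dev/pts" || mount --bind /dev/pts "$home/dev/pts"
}

restart_sshd() {
  if command -v systemctl >/dev/null 2>&1; then
    systemctl restart sshd
  else
    /etc/init.d/sshd restart
  fi
}

main() {
  (( EUID == 0 )) || die "this script must run as root"

  username=${SFTP_USER:-abc}
  if [[ -n "${SFTP_PASSWORD:-}" ]]; then
    password=$SFTP_PASSWORD
  else
    read -r -s -p "Password for $username: " password
    printf '\n'
  fi
  [[ -n "$password" ]] || die "empty password"

  create_user
  home=$(getent passwd "$username" | cut -d: -f6)
  [[ -d "$home" ]] || die "home directory '$home' of $username does not exist"

  configure_sshd
  build_chroot
  set_permissions
  mount_pts
  # Last step: the account only becomes reachable once the chroot is complete.
  restart_sshd
}

main "$@"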