  1. #!/bin/bash
  2.  
  3. #
  4. # This script creates a chrooted user, scp enabled, on an Amazon Linux aws instance
  5. #
  6. # 2017-10-05
  7. #
  8.  
  9. # change username and password here:
  10. username="abc"
  11. password="123456"
  12.  
  13. # create groups
  14. groupadd sftp
  15.  
  16. # create chrooted user
  17. useradd -m $username -G sftp
  18. echo $username:$password | chpasswd
  19.  
  20. # enable password authentication in sshd
  21. cp /etc/ssh/sshd_config /etc/ssh/sshd_config.before_chroot
  22. cat /etc/ssh/sshd_config | sed -e "s/PasswordAuthentication no/PasswordAuthentication yes/" > /etc/ssh/temp_sshd_config
  23. mv -f /etc/ssh/temp_sshd_config /etc/ssh/sshd_config
  24.  
  25. # disable default sftp subsystem configuration in sshd
  26. sed -e '/Subsystem sftp/ s/^#*/#/' -i /etc/ssh/sshd_config
  27.  
  28. # add sftp subsystem configuration to sshd
  29. echo "Subsystem sftp internal-sftp" >> /etc/ssh/sshd_config
  30. echo "Match Group sftp" >> /etc/ssh/sshd_config
  31. echo " ChrootDirectory %h" >> /etc/ssh/sshd_config
  32. echo " AllowTcpForwarding no" >> /etc/ssh/sshd_config
  33.  
  34. # restart ssh service
  35. /etc/init.d/sshd restart
  36.  
  37. # create the chrooted directory structure
  38. mkdir /home/$username/bin
  39. mkdir /home/$username/dir
  40. mkdir /home/$username/usr
  41. mkdir /home/$username/usr/bin
  42. mkdir /home/$username/usr/libexec
  43. mkdir /home/$username/usr/libexec/openssh
  44. mkdir /home/$username/lib/
  45. mkdir /home/$username/etc
  46. mkdir /home/$username/dev
  47. mkdir /home/$username/dev/pts
  48.  
  49. # copy all dependencies
  50. cp --parents `ldd /bin/bash | cut -d " " -f 3` /home/$username
  51. cp --parents `ldd /usr/bin/scp | cut -d " " -f 3` /home/$username
  52. cp --parents `ldd /usr/libexec/openssh/sftp-server | cut -d " " -f 3` /home/$username
  53. cp --parents `ldd /bin/ls | cut -d " " -f 3` /home/$username/
  54. cp /usr/lib64/libnss3.so /home/$username/lib64/
  55. cp /usr/lib64/libtic.so.5 /home/$username/lib64/
  56. cp /lib64/ld-linux-x86-64.so.2 /home/$username/lib64/
  57. cp /usr/lib64/libssl3.so /home/$username/lib64/
  58. cp /bin/bash /home/$username/bin/
  59. cp /usr/bin/scp /home/$username/usr/bin/scp
  60. cp /usr/libexec/openssh/sftp-server /home/$username/usr/libexec/openssh/
  61. cp /bin/ls /home/$username/bin/
  62. cp /lib64/libnss* /home/$username/lib64/
  63. cp /usr/lib64/libnss* /home/$username/usr/lib64/
  64. cp --parents `find . -type f -exec ldd '{}' \; | awk '{print $3}' | sort | uniq | grep -v '('` /home/$username/
  65. cp -vf /etc/{passwd,group} /home/$username/etc/
  66. cp -r /etc/ld.so* /home/$username/etc/
  67.  
  68. # create non-files
  69. mknod -m 666 /home/$username/dev/null c 1 3
  70. mknod -m 666 /home/$username/dev/tty c 5 0
  71. mknod -m 666 /home/$username/dev/zero c 1 5
  72. mknod -m 666 /home/$username/dev/random c 1 8
  73. mount --bind /dev/pts /home/$username/dev/pts
  74.  
  75. # get the directory permissions right
  76. chown $username.$username /home/$username/. -R
  77. chmod 0755 /home/$username/bin
  78. chmod 0666 /home/$username/.bashrc
  79. chown root.root /home/$username
  80. chmod 0755 /home/$username