Re: [Jailkit-users] jail all users by default

[Olivier Sessink]

Alex wrote:
> What I would like to do is basically create an “SSH proxy” and Jailkit
> looks very promising at doing this except I do not want to manage users
> on the system.  
> 
>  
> 
> Could I for instance have users authenticate with pam (which is in use
> now to centrally manage users) and then be placed in a default jail
> which they would only be able to SSH out of or what ever other service
> that I would allow. 
> 
>  
> 
> Currently a user authenticates they are given a default shell
> /usr/bin/ksh and a home directory on a NFS /nfs/home/<user>.  I would
> like the user to be jailed by default.

You mean a SSH proxy like
http://olivier.sessink.nl/jailkit/howtos_ssh_only.html ?

There are several things you could use.

If the users shell is jk_chrootsh you can use the options
skip_injail_passwd_check and injail_shell for all users:

[DEFAULT]
skip_injail_passwd_check=1
injail_shell=/bin/bash

pam_chroot is another utility you should look at if the shell for the
user is different. You can setup the chroot jail for pam_chroot with
Jailkit perfectly.

pam_chroot in combination with jk_lsh should be possible as well (but I
haven't tested it).

regards,
        Olivier