busybox static chroot

busybox-static-chroot.md

create user

usermod -G chrootlogin joe

add to sshd_config

change file /etc/ssh/sshd_config

Subsystem     sftp   internal-sftp
Match Group sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding 

match Group chrootlogin
	ChrootDirectory /opt/chroot

Prepare chroot

mkdir /opt/chroot
cd /opt/chroot
mkdir {bin,dev,lib}
cp -p /bin/busybox bin/
#cp -p /lib/{ld-linux.so.2,libc.so.6,libdl.so.2,libtermcap.so.2} lib/
mknod dev/null c 1 3
mknod dev/zero c 1 5
chmod 0666 dev/{null,zero}
chroot /opt/chroot /bin/busybox --install -s /bin
chmod +s /opt/chroot/bin/busybox
mkdir -p /opt/chroot/home/joe