[ale] Chrooting a user logged in over telnet

Erik Mathis erik at mathists.com
Fri Aug 17 22:28:28 EDT 2012


Yep

MAKEDEV is the cmd you want

-Erik-

On Fri, Aug 17, 2012 at 9:42 PM, Michael Trausch <mike at trausch.us> wrote:
> Without doing some experimentation, I can't tell you exactly what to do, but
> basically you need a minimal /dev there. Leave out block devices and so
> forth so that the environment is (relatively) secure, but note that chroot
> jails can be easily broken out of.
>
> Also, as an aside: telnet doesn't have to be insecure. If memory serves, it
> is possible to use Kerberos with Telnet so long as both client and server
> support it, for both confidentiality and authentication.
>
> On Aug 17, 2012 8:32 PM, "Ted W" <ted at techmachine.net> wrote:
>>
>> So, before anyone gets up in arms about telnet being a bad idea (I've had
>> this lecture already, can you tell!?), I am setting this up as an
>> educational exercise. This VM is running on an isolated virtual network,
>> etc, etc, yada, yada.
>>
>> I'm trying to accomplish something similar to ssh chroot but using telnet.
>> The server is running Slackware Linux. I've got xinetd installed and have
>> the following in /etc/xinetd.d/telnet-server:
>>
>> service telnet
>> {
>>        socket_type     = stream
>>        protocol        = tcp
>>        wait            = no
>>        disable         = no
>>        user            = root
>>        port            = 23
>>        server          = /usr/bin/chroot
>>        server_args     = /chroot /usr/sbin/in.telnetd -h
>>        flags           = NORETRY
>>        instances       = 32
>>        per_source      = 2
>>        cps             = 5 10
>>        max_load        = 2
>>        nice            = 10
>> }
>>
>> xinetd starts without issue, however, whenever I try to connect to my
>> server over telnet I get a message saying that there are no available
>> connections and am booted out of the system. From the research I've done it
>> seems it's because the chroot environment is missing /dev/pty*, /dev/pts*
>> (one or both of those, not quite sure). This is where I hit a dead end,
>> however. I found how to create /dev/null and /dev/zero using mknod and I
>> believe I may have to do the same for these but I'm not exactly sure what.
>>
>> If someone could point me in the right direction I would be greatly
>> appreciative. I've got everything I need set up for this over ssh but I need
>> telnet so I can listen in on the communication between the client and
>> server.
>>
>> Thanks in advance,
>> --
>> Ted W. < Ted at Techmachine.net >
>> Registered GNU/Linux user #413569
>>
>>
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>
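
A minimal /dev of the kind described in the thread, as an added example that is not part of the original messages: it prints the commands that would populate the jail's /dev with character devices only, and audits an existing jail for block devices or unexpected nodes. It assumes Linux Unix98 ptys (`/dev/ptmx` plus a `devpts` mount) are what the telnet daemon needs; the node list and the function names `dev_plan` and `audit_dev` are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): minimal /dev for a chroot jail.
# Majors/minors are the standard Linux assignments; /chroot is the path
# used in the xinetd config quoted above. The node list is an assumption.

# name:major:minor:mode (character devices only, no block devices)
DEV_NODES='null:1:3:666
zero:1:5:666
urandom:1:9:444
tty:5:0:666
ptmx:5:2:666'

# Dry run: print the commands (to be run as root) that build the /dev.
dev_plan() {
    root=$1
    echo "mkdir -p $root/dev/pts"
    echo "$DEV_NODES" | while IFS=: read -r name major minor mode; do
        echo "mknod -m $mode $root/dev/$name c $major $minor"
    done
    # Unix98 pty slaves come from a devpts mount, not from static nodes.
    echo "mount -t devpts -o mode=620 devpts $root/dev/pts"
}

# Audit: report block devices, names outside the allowlist, and allowlisted
# names that are not character devices. Returns non-zero on any finding.
audit_dev() {
    dev=$1/dev
    allowed=$(echo "$DEV_NODES" | cut -d: -f1)
    findings=$(
        find "$dev" -type b 2>/dev/null | sed 's/^/BLOCK /'
        for path in "$dev"/*; do
            [ -e "$path" ] || continue
            name=${path##*/}
            [ "$name" = pts ] && continue
            echo "$allowed" | grep -qxF "$name" || echo "EXTRA $name"
        done
        for name in $allowed; do
            [ -c "$dev/$name" ] || echo "MISSING $name"
        done
    )
    [ -z "$findings" ] && return 0
    echo "$findings"
    return 1
}

dev_plan /chroot
```

Review the printed plan before running it as root, then run `audit_dev /chroot` to confirm nothing beyond the allowlist ended up in the jail.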

