[ale] Chrooting a user logged in over telnet

Michael Trausch mike at trausch.us
Fri Aug 17 21:42:46 EDT 2012


Without doing some experimentation, I can't tell you exactly what to do,
but basically you need a minimal /dev there. Leave out block devices and so
forth so that the environment is (relatively) secure, but note that chroot
jails can be easily broken out of.

Also, as an aside: telnet doesn't have to be insecure. If memory serves, it
is possible to use Kerberos with Telnet so long as both client and server
support it, for both confidentiality and authentication.

On Aug 17, 2012 8:32 PM, "Ted W" <ted at techmachine.net> wrote:

> So, before anyone gets up in arms about telnet being a bad idea (I've had
> this lecture already, can you tell!?), I am setting this up as an
> educational exercise. This VM is running on an isolated virtual network,
> etc, etc, yada, yada.
>
> I'm trying to accomplish something similar to ssh chroot but using telnet.
> The server is running Slackware Linux. I've got xinetd installed and have
> the following in /etc/xinetd.d/telnet-server:
>
> service telnet
> {
>        socket_type     = stream
>        protocol        = tcp
>        wait            = no
>        disable         = no
>        user            = root
>        port            = 23
>        server          = /usr/bin/chroot
>        server_args     = /chroot /usr/sbin/in.telnetd -h
>        flags           = NORETRY
>        instances       = 32
>        per_source      = 2
>        cps             = 5 10
>        max_load        = 2
>        nice            = 10
> }
>
> xinetd starts without issue, however, whenever I try to connect to my
> server over telnet I get a message saying that there are no available
> connections and am booted out of the system. From the research I've done it
> seems it's because the chroot environment is missing /dev/pty*, /dev/pts*
> (one or both of those, not quite sure). This is where I hit a dead end,
> however. I found how to create /dev/null and /dev/zero using mknod and I
> believe I may have to do the same for these but I'm not exactly sure what.
>
> If someone could point me in the right direction I would be greatly
> appreciative. I've got everything I need set up for this over ssh, but I need
> telnet so I can listen in on the communication between the client and
> server.
>
> Thanks in advance,
> --
> Ted W. < Ted at Techmachine.net >
> Registered GNU/Linux user #413569
>
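The minimal /dev Michael mentions, as an added shell example that is not from either poster: it assumes the jail at /chroot from the xinetd config above, the standard Linux major/minor numbers for null, zero, tty and ptmx, and the util-linux `mountpoint` utility; the audit half runs unprivileged and confirms that no block device has slipped into the jail.

```shell
#!/bin/sh
# Minimal /dev for a telnet chroot: character devices only, no block devices.
# Assumes the jail is at /chroot (override with CHROOT=...) and that the
# `mountpoint` utility from util-linux is available.
set -eu

CHROOT="${CHROOT:-/chroot}"

# name:type:major:minor:mode, using the standard Linux device numbers.
DEV_NODES="null:c:1:3:666 zero:c:1:5:666 tty:c:5:0:666 ptmx:c:5:2:666"

# Create the nodes and mount devpts under $1/dev/pts (must run as root).
# Existing character devices are left alone, so the function is re-runnable.
make_chroot_dev() {
    d="$1/dev"
    mkdir -p "$d/pts"
    for spec in $DEV_NODES; do
        name=${spec%%:*}; rest=${spec#*:}
        type=${rest%%:*}; rest=${rest#*:}
        major=${rest%%:*}; rest=${rest#*:}
        minor=${rest%%:*}; mode=${rest#*:}
        [ -c "$d/$name" ] || mknod -m "$mode" "$d/$name" "$type" "$major" "$minor"
    done
    # in.telnetd opens /dev/ptmx inside the jail; the slave side appears here.
    # Note: this devpts instance is shared with the host's /dev/pts.
    mountpoint -q "$d/pts" || mount -t devpts -o gid=5,mode=620 devpts "$d/pts"
}

# Audit $1/dev without root: succeed only if every required node is a
# character device, dev/pts exists, and no block device is present anywhere.
audit_chroot_dev() {
    d="$1/dev"; rc=0
    for spec in $DEV_NODES; do
        name=${spec%%:*}
        [ -c "$d/$name" ] || { echo "missing char device: $d/$name"; rc=1; }
    done
    [ -d "$d/pts" ] || { echo "missing directory: $d/pts"; rc=1; }
    for f in "$d"/* "$d"/pts/*; do
        [ -b "$f" ] && { echo "block device present: $f"; rc=1; }
    done
    return "$rc"
}

# Stand-alone use: `sh mkdev.sh build` (as root) or `sh mkdev.sh audit`.
case "${1:-}" in
    build) make_chroot_dev "$CHROOT" && audit_chroot_dev "$CHROOT" ;;
    audit) audit_chroot_dev "$CHROOT" ;;
esac
```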