Home > Slackware > wikileaks mirror Slackware 10.1.0 rsync jail openssh

wikileaks mirror Slackware 10.1.0 rsync jail openssh

1. update openssh from openssh-4.1 to OpenSSH_5.6p1
backup the ssh configs : cp -rp /etc/ssh /etc/ssh.bckp
install latest ssh :

mkdir -p /opt/installs/sshcvs
cd /opt/installs/sshcvs
export CVSROOT=anoncvs@anoncvs.mindrot.org:/cvs
export CVS_RSH=/usr/bin/ssh
cvs get openssh
cd openssh
autoreconf
./configure
make -j3
make -j3 install

fix the /etc/rc.d/rc.sshd start script
root@zulu:[Mon Dec 06 03:45:04]:[/opt/installs/sshcvs/openssh]$ diff /etc/rc.d/rc.sshd /etc/rc.d/rc.sshd.4.1
7c7
<     /usr/local/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
---
>     /usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''
10c10
<     /usr/local/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
---
>     /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
13c13
<     /usr/local/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
---
>     /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
15c15
<   /usr/local/sbin/sshd
---
>   /usr/sbin/sshd


in a view to save the previous ssh keys :
cp /etc/ssh/ssh_host_* /usr/local/etc/

restart the sshd :
/etc/rc.d/rc.sshd restart

2. install jailkit:

cd /opt/installs/
wget http://olivier.sessink.nl/jailkit/jailkit-2.13.tar.bz2
tar xvf jailkit-2.13.tar.bz2
cd /opt/installs/jailkit-2.13/
./configure
make -j3
make -j3 install

3. setup wikileaks rsync user

mkdir /home/jail
chown root:root /home/jail
chmod 0755 /home/jail
jk_init -j  /home/jail jk_lsh
jk_init -j  /home/jail rsync
jk_socketd

adduser wiki_upl_4636_26g
jk_jailuser  -m  -j /home/jail  wiki_upl_4636_26g
cat /etc/jailkit/jk_lsh.ini
[wiki_upl_4636_26g]
paths = /usr/bin
executables= /usr/bin/rsync
allow_word_expansion = 1

cd /home/jail/home/wiki_upl_4636_26g
mkdir .ssh
cd .ssh
curl http://213.251.145.96/id_rsa.pub > authorized_keys
chown -R wiki_upl_4636_26g:wikileaks  /home/jail/home/wiki_upl_4636_26g/.ssh

killall jk_socketd
jk_socketd

usual vhost configuration of lighttpd or apache pointing to /home/jail/home/wiki_upl_4636_26g/htdocs

Done:
wikileaks now may rsync to their htdocs with no passwd

rsync -avz -e ssh /projects/wikileaks/htdocs/* wiki_upl_4636_26g@host:~/htdocs

I hate so much banks and politicians …

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: