I am learning Yocto and writing a recipe to jail/restrict an SSH user to a particular directory. For example, I have created a user in the machine.conf file:

    EXTRA_USERS_PARAMS = " useradd -P linuxopsys linuxopsys"

My Yocto recipe is:

    LICENSE = "MIT"
    LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

    do_install() {
        #create directories
        install -d ${D}/home/test_dir
        install -d ${D}/home/test_dir/dev
        install -d ${D}/home/test_dir/bin
        install -d ${D}/home/test_dir/lib
        install -d ${D}/home/test_dir/etc

        #create dev files
        mknod -m 666 ${D}/home/test_dir/dev/null c 1 3
        mknod -m 666 ${D}/home/test_dir/dev/tty c 5 0
        mknod -m 666 ${D}/home/test_dir/dev/zero c 1 5
        mknod -m 666 ${D}/home/test_dir/dev/random c 1 8

        # Add chown and chmod commands
        chown root:root ${D}/home/test_dir/
        chmod 0755 ${D}/home/test_dir

        ln -s ${IMAGE_ROOTFS}/bin/busybox.nosuid ${D}/home/test_dir/bin/sh
        cp -r ${STAGING_DIR_TARGET}/lib/{ld-linux-aarch64.so.1,libc.so.6} ${D}/home/test_dir/lib
        cp -r ${COMPONENTS_DIR}/aarch64/ncurses/lib/libtinfo.so.5 ${D}/home/test_dir/lib
        cp -r ${COMPONENTS_DIR}/aarch64/ncurses/lib/libtinfo.so.5.9 ${D}/home/test_dir/lib
        cp -r ${STAGING_DIR_NATIVE}/etc/{passwd,group} ${D}/home/test_dir/etc/
    }

    FILES_${PN} += "/home/test_dir/*"

In my sshd_conf file I have added these changes:

    #define username to apply chroot jail to
    Match User linuxopsys
    #specify chroot jail
    ChrootDirectory /home/test_dir

I am unable to jail this user, and SSH to this user fails. Reference: https://linuxopsys.com/topics/restrict-ssh-access-to-user-home-directory-on-ubuntu

I tried jailing an SSH user by creating a Yocto recipe. I expected that user to be jailed or restricted to a particular directory, but it resulted in that particular user not getting access to SSH itself.
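
An added example, not part of the original post: a shell audit of a rootfs against two conditions a `ChrootDirectory` login depends on, namely the ownership and mode rule from sshd_config(5) for every path component, and a `/bin/sh` that still resolves once the jail is the root. The function names and the `OWNER_UID` parameter are hypothetical.

```shell
#!/bin/sh
# Added example: audit an sshd ChrootDirectory inside an unpacked image rootfs.
# Usage: sh audit_jail.sh ROOTFS JAIL [OWNER_UID]   (OWNER_UID defaults to 0)
# Octal mode and owner uid of a path (GNU stat, then BSD stat as fallback).
mode_uid() { stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1"; }

check_dir() {   # $1 = directory on disk, $2 = expected owner uid
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 1; }
    set -- "$1" "$2" $(mode_uid "$1")   # now $3 = mode, $4 = owner uid
    [ "$4" = "$2" ] || { echo "FAIL $1: owner uid $4, expected $2"; return 1; }
    [ $(( 0$3 & 022 )) -eq 0 ] || { echo "FAIL $1: mode $3 is group/other-writable"; return 1; }
}

# sshd_config(5): every component of the ChrootDirectory path must be a
# root-owned directory that no other user or group can write to.
check_components() {   # $1 = rootfs, $2 = ChrootDirectory value, $3 = owner uid
    rootfs=$1 want_uid=${3:-0} cur=$1 bad=0
    old_ifs=$IFS; IFS=/; set -f; set -- $2; set +f; IFS=$old_ifs
    check_dir "$rootfs" "$want_uid" || bad=1
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"; check_dir "$cur" "$want_uid" || bad=1
    done
    return "$bad"
}

# After chroot an absolute symlink target is resolved against the jail, so
# follow links that way and require an executable regular file at the end.
check_shell() {   # $1 = jail directory on disk, $2 = shell path inside the jail
    jail_dir=$1 path=$2 hops=0
    while [ -L "$jail_dir$path" ]; do
        hops=$((hops + 1)); [ "$hops" -le 8 ] || { echo "FAIL $2: too many symlinks"; return 1; }
        target=$(readlink "$jail_dir$path")
        case $target in
            /*) path=$target ;;
            *)  path=$(dirname "$path")/$target ;;
        esac
    done
    [ -f "$jail_dir$path" ] && [ -x "$jail_dir$path" ] ||
        { echo "FAIL $2: resolves to $path, which is missing inside the jail"; return 1; }
}

audit_jail() {   # $1 = rootfs, $2 = ChrootDirectory value, $3 = owner uid
    rc=0
    check_components "$1" "$2" "${3:-0}" || rc=1
    check_shell "$1$2" /bin/sh || rc=1
    [ "$rc" -eq 0 ] && echo "OK $2"
    return "$rc"
}
if [ "$#" -ge 2 ]; then audit_jail "$@"; fi
```

On the target, run it as `sh audit_jail.sh / /home/test_dir`; `OWNER_UID` exists only so a tree unpacked by a non-root user can be checked.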