How to perform Debian chroot installation

In this tutorial we will deal specifically with Debian Chroot environment. Running a Linux system inside a chroot environment allows a system administrator to decrease the impact on a production server when the server gets compromised.

Change root will change the root directory to all currently running processes and its children to a chroot jail. Testing of various package installations and server configuration in a chrooted environment can be another handy way how to utilize a chroot jail.

In this tutorial, we will cover the step by step instructions to setup chroot on Debian Linux. The instructions will also work for other Debian based systems.

In this tutorial you will learn:

  • How to install debootstrap
  • How to setup chroot on Debian Linux
  • How to SSH into chroot jail

"How

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Debian Linux
Software debootstrap
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

Install debootstrap




The first thing we will need to do is install the debootstrap package on Debian. This software will allow us to create a chroot environment. Use the following command to install the package with Debian’s package manager.

$ sudo apt update
$ sudo apt install debootstrap

Install chroot environment

Now, it’s time to install the chroot environment. Follow the steps below to get it set up.

  1. First, create a directory where you would like the chroot environment to reside. We’ll keep it simple and go with /mnt/chroot in this tutorial.
    $ sudo mkdir -p /mnt/chroot
    
  2. Once your new chroot directory is ready, we will use debootstrap to install new Debian system files within the chroot environment. The installation may take some time as debootstrap will have to download and install core packages.
    $ sudo debootstrap stable /mnt/chroot http://deb.debian.org/debian/
    

    You’ll see a lot of output in your terminal, but it should wrap up with the “I: Base system installed successfully” text, which means it has finished.

    "Installing

  3. Lastly, connect your host proc system with chroot environment by mounting within chroot directory. This allows chroot to access the hardware of your host system.
    $ sudo mount -t proc proc /mnt/chroot/proc
    $ sudo mount -t devpts devpts /mnt/chroot/dev/pts
    



Chroot Debian Configuration

Now, we are ready to login into chroot and do some basic configuration. To avoid confusion between the host and chroot environment, we can change root’s PS1 variable to a shell prompt to chroot# . This step is optional but recommended.

  1. First, login to chroot.
    $ sudo chroot /mnt/chroot /bin/bash --login
    
  2. Execute the following Linux command to permanently change root’s shell prompt and exit.
    # echo 'PS1="chroot:\w# "' >> ~/.bashrc
    # exit
    
  3. Next time you enter the chroot environment, you will have a new shell prompt.
    # chroot /mnt/chroot /bin/bash --login
    

    Changing the PS1 variable allows us to easily identify if we're working in the chroot environment
    Changing the PS1 variable allows us to easily identify if we’re working in the chroot environment
  4. Next we will install and reconfigure locales.
    chroot:/# apt install locales
    



  5. Now reconfigure your locales, and select yours from the menu.
    chroot:/# dpkg-reconfigure locales
    

    Select your locale for the chroot environment
    Select your locale for the chroot environment

Install chroot ssh daemon

Now we are ready to install any service within chroot environment. Let’s start with ssh as this will allow us to login to chroot using ssh connection from LAN or WAN.

  1. Install the SSH server with the following command.
    chroot:/# apt install ssh
    
  2. Configure chrooted ssh service to listen on different port than 22, as it is most likely already occupied by your host system.
    chroot:/# nano /etc/ssh/sshd_config
    
  3. And change line #Port 22, while also adding a line to add remote root logins:
    Port 2222
    PermitRootLogin yes
    



  4. Restart the SSH service for the changes to take effect.
    chroot:/# /etc/init.d/ssh restart
    Restarting OpenBSD Secure Shell server: sshd.
    
  5. Finally, change the password for your chrooted root user:
    chroot:/# passwd
    

Login remotely to chroot

If all went well, we now should be able to login to new chroot environment using ssh:

$ ssh root@localhost -p 2222
Logging into a chroot environment via SSH
Logging into a chroot environment via SSH

Fine tune chroot

chroot ssh daemon will not start automatically when you turn on your host operating system. Therefore, create a simple shell script to do that task:

#!/bin/bash

mount -t devpts devpts /mnt/chroot/dev/pts
mount -t proc proc /mnt/chroot/proc
chroot  /mnt/chroot /etc/init.d/ssh start




And as a last step, make a simbolic link to /etc/rc2.d/:

# ln -s /etc/init.d/chroot.sh /etc/rc2.d/S98chroot

Now you should have a fully functional chroot environment. Feel free to explore and install additional services.

Closing Thoughts

In this tutorial, we saw how to install a debian chroot environment. We also learned how to login to the chroot environment via SSH, which makes it easier to manage it and install packages for testing. Having a chroot environment is a great way to test software and keep it separated from your host operating system.