Install Debian server in a Linux chroot environment

Running a Linux system inside a chroot environment allows a system admin to reduce the impact on a production server if the server gets compromised. Change root (chroot) changes the root directory of the current running process and its children to the chroot jail. Testing various package installations and server configurations in a chrooted environment is another handy way to use a chroot jail.

This tutorial provides a step-by-step guide on how to install Debian with an ssh daemon inside a chroot environment using debootstrap.

Install chroot environment

In the first step we create a directory in which the new chroot environment will reside. For convenience during the installation we also declare a temporary bash shell variable, CHROOT, to hold the path to the chroot environment.

# mkdir -p /mnt/chroot/squeeze
# CHROOT=/mnt/chroot/squeeze

When the new chroot directory is ready, we use debootstrap to install a new Debian system within the chroot environment. Change the architecture and Debian version according to your needs. The installation may take some time, as debootstrap uses your specified mirror to download and install the core packages. Choose the closest mirror, as it will greatly reduce the installation time.

# debootstrap --arch i386 squeeze \

At the end of the installation you should see output similar to the one below:

I: Configuring debian-archive-keyring...
I: Configuring apt...
I: Configuring libept0...
I: Configuring apt-utils...
I: Configuring aptitude...
I: Configuring tasksel-data...
I: Configuring tasksel...
I: Base system installed successfully.

Connect your host's proc system with the chroot environment by mounting it within the chroot directory. This gives the chroot access to the hardware of your host system.

# mount -t proc proc $CHROOT/proc
# mount -t devpts devpts $CHROOT/dev/pts


Now we are ready to log in to the chroot and do some basic configuration. To avoid confusing the host and chroot environments, we first change root's PS1 variable so that the shell prompt reads "CHROOT-squeeze:~#". This step is optional but recommended. First log in to the chroot:

# chroot $CHROOT /bin/bash --login

Execute the following Linux command to permanently change root's shell prompt, then exit:

CHROOT-squeeze:~# echo 'PS1="CHROOT-squeeze:\w# "' >> ~/.bashrc
CHROOT-squeeze:~# exit

The next time you enter the chroot environment you will have a new shell prompt:

# chroot $CHROOT /bin/bash --login

From this point on, all commands which should be executed within the chroot environment will have the prefix:

CHROOT-squeeze:~#

Next we will install and reconfigure locales.

CHROOT-squeeze:~# apt-get install locales

Now reconfigure your locales. For example, if you are from Australia, add "en_AU ISO-8859-1" and "en_AU.UTF-8 UTF-8", and choose en_AU as the default:

CHROOT-squeeze:~# dpkg-reconfigure locales

Install chroot ssh daemon

Now we are ready to install any service within the chroot environment. Let's start with ssh, as this will allow us to log in to the chroot using an ssh connection from LAN or WAN.
NOTE: installation of vim is optional.

CHROOT-squeeze:~# apt-get install vim ssh

Configure the chrooted ssh service to listen on a port other than 22, as port 22 is most likely already occupied by your host system.

Configure ssh

Edit the sshd_config file:

CHROOT-squeeze:~# vi /etc/ssh/sshd_config

and change the line Port 22 to:

Port 2222

Restart the chroot sshd:

CHROOT-squeeze:~# /etc/init.d/ssh restart

Change the password for the chrooted root user:

CHROOT-squeeze:~# passwd

Login remotely to chroot

If all went well, we should now be able to log in to the new chroot environment using ssh:

ssh root@localhost -p 2222

Fine tune chroot

The chroot ssh daemon will not start automatically when you turn on your host operating system. Therefore, create a simple shell script to do that task:

/etc/init.d/chroot-squeeze:

#!/bin/sh
# Path to the chroot; change to match your installation
CHROOT=/mnt/chroot/squeeze
# Mount the host's devpts and proc inside the chroot
mount -t devpts devpts "$CHROOT/dev/pts"
mount -t proc proc "$CHROOT/proc"
# Start the ssh daemon inside the chroot
chroot "$CHROOT" /etc/init.d/ssh start

As a last step, make a symbolic link to it in /etc/rc2.d/:

# ln -s /etc/init.d/chroot-squeeze /etc/rc2.d/S98chroot-squeeze
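
The boot script above mounts proc and devpts every time it runs and has no stop action, so repeated runs stack mounts and the jail keeps its view of the host's proc after the service is no longer needed. The following is an added example, not part of the original tutorial: a start/stop variant that consults the mount table first. The MOUNTS_FILE override and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent start/stop for the chroot-squeeze boot script.
# MOUNTS_FILE and all function names are assumptions of this example.
CHROOT=${CHROOT:-/mnt/chroot/squeeze}
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# Succeed if path $1 appears as a mount point in the mount table.
is_mounted() {
    awk -v p="$1" '$2 == p { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# Print "fstype target" for each chroot mount that is not present yet.
pending_mounts() {
    for entry in "proc $CHROOT/proc" "devpts $CHROOT/dev/pts"; do
        set -- $entry
        is_mounted "$2" || echo "$1 $2"
    done
}

# Print every mount point below the chroot, children before their parents.
mounts_to_release() {
    awk -v root="$CHROOT" 'index($2, root "/") == 1 { print $2 }' \
        "$MOUNTS_FILE" | LC_ALL=C sort -r
}

start_chroot() {
    # Mount only what is missing; abort before starting sshd if a mount fails.
    pending_mounts | while read -r fstype target; do
        mount -t "$fstype" "$fstype" "$target" || exit 1
    done || return 1
    chroot "$CHROOT" /etc/init.d/ssh start
}

stop_chroot() {
    # Stop sshd first so nothing inside the jail holds the mounts open.
    chroot "$CHROOT" /etc/init.d/ssh stop
    mounts_to_release | while read -r target; do
        umount "$target" || echo "still mounted: $target" >&2
    done
}

case "${1:-}" in
    start) start_chroot ;;
    stop)  stop_chroot ;;
esac
```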

Now you should have a fully functional chroot environment. Feel free to explore and install additional services.