In this tutorial we will deal specifically with Debian Chroot environment. Running a Linux system inside a chroot environment allows a system administrator to decrease the impact on a production server when the server gets compromised.
Change root will change the root directory to all currently running processes and its children to a chroot jail. Testing of various package installations and server configuration in a chrooted environment can be another handy way how to utilize a chroot jail.
In this tutorial, we will cover the step by step instructions to setup chroot on Debian Linux. The instructions will also work for other Debian based systems.
In this tutorial you will learn:
- How to install debootstrap
- How to setup chroot on Debian Linux
- How to SSH into chroot jail
| Category | Requirements, Conventions or Software Version Used |
|---|---|
| System | Debian Linux |
| Software | debootstrap |
| Other | Privileged access to your Linux system as root or via the sudo command. |
| Conventions | # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
Install debootstrap
The first thing we will need to do is install the debootstrap package on Debian. This software will allow us to create a chroot environment. Use the following command to install the package with Debian’s package manager.
$ sudo apt update $ sudo apt install debootstrap
Install chroot environment
Now, it’s time to install the chroot environment. Follow the steps below to get it set up.
- First, create a directory where you would like the chroot environment to reside. We’ll keep it simple and go with
/mnt/chrootin this tutorial.$ sudo mkdir -p /mnt/chroot
- Once your new chroot directory is ready, we will use debootstrap to install new Debian system files within the chroot environment. The installation may take some time as debootstrap will have to download and install core packages.
$ sudo debootstrap stable /mnt/chroot http://deb.debian.org/debian/
You’ll see a lot of output in your terminal, but it should wrap up with the “I: Base system installed successfully” text, which means it has finished.
- Lastly, connect your host proc system with chroot environment by mounting within chroot directory. This allows chroot to access the hardware of your host system.
$ sudo mount -t proc proc /mnt/chroot/proc $ sudo mount -t devpts devpts /mnt/chroot/dev/pts
Chroot Debian Configuration
Now, we are ready to login into chroot and do some basic configuration. To avoid confusion between the host and chroot environment, we can change root’s PS1 variable to a shell prompt to chroot# . This step is optional but recommended.
- First, login to chroot.
$ sudo chroot /mnt/chroot /bin/bash --login
- Execute the following Linux command to permanently change root’s shell prompt and exit.
# echo 'PS1="chroot:\w# "' >> ~/.bashrc # exit
- Next time you enter the chroot environment, you will have a new shell prompt.
# chroot /mnt/chroot /bin/bash --login
Changing the PS1 variable allows us to easily identify if we’re working in the chroot environment - Next we will install and reconfigure locales.
chroot:/# apt install locales
- Now reconfigure your locales, and select yours from the menu.
chroot:/# dpkg-reconfigure locales
Select your locale for the chroot environment
Install chroot ssh daemon
Now we are ready to install any service within chroot environment. Let’s start with ssh as this will allow us to login to chroot using ssh connection from LAN or WAN.
- Install the SSH server with the following command.
chroot:/# apt install ssh
- Configure chrooted ssh service to listen on different port than 22, as it is most likely already occupied by your host system.
chroot:/# nano /etc/ssh/sshd_config
- And change line
#Port 22, while also adding a line to add remote root logins:Port 2222 PermitRootLogin yes
- Restart the SSH service for the changes to take effect.
chroot:/# /etc/init.d/ssh restart Restarting OpenBSD Secure Shell server: sshd.
- Finally, change the password for your chrooted root user:
chroot:/# passwd
Login remotely to chroot
If all went well, we now should be able to login to new chroot environment using ssh:
$ ssh root@localhost -p 2222
Fine tune chroot
chroot ssh daemon will not start automatically when you turn on your host operating system. Therefore, create a simple shell script to do that task:
#!/bin/bash mount -t devpts devpts /mnt/chroot/dev/pts mount -t proc proc /mnt/chroot/proc chroot /mnt/chroot /etc/init.d/ssh start
And as a last step, make a simbolic link to
/etc/rc2.d/:
# ln -s /etc/init.d/chroot.sh /etc/rc2.d/S98chroot
Now you should have a fully functional chroot environment. Feel free to explore and install additional services.
Closing Thoughts
In this tutorial, we saw how to install a debian chroot environment. We also learned how to login to the chroot environment via SSH, which makes it easier to manage it and install packages for testing. Having a chroot environment is a great way to test software and keep it separated from your host operating system.