My SSH Users Can See Names of Other Accounts

[djcart]

I have an issue. My SSH users who connect to the server can see the names of other accounts that are created in DirectAdmin. How can I hide this information?

I am using DirectAdmin with CloudLinux. Are there any specific steps I can take to prevent my users from seeing the names of other accounts when they use SSH?

 

[Richard G]

In Cloudlinux you can use cagefs for that if I'm not mistaken.

 

[djcart]

In Cloudlinux you can use cagefs for that if I'm not mistaken.

That's correct. I have the CageFS option enabled. However, I am still able to see usernames from any user account when connecting via PuTTY. When I use the browser-based SSH version from the DirectAdmin control panel, these usernames are not displayed.

 

[Richard G]

There is also the option to use jail=1 in directadmin.conf, but I'm not 100% sure if that will do what you want.

All directadmin.conf values | Directadmin Docs

DirectAdmin Knowledge Base

docs.directadmin.com

Normally it can't hurt that they see accountnames, because they can only see that and nothing else, they can't enter the directory's.

 

[djcart]

I tried the options jail=1 and jail=2. Then, I reset the directadmin and sshd services. Unfortunately, the names were still visible. It's exactly as you mentioned, that the user cannot access another user, but these names themselves are quite sensitive data. The name is generated from the first 8 characters of the registered domain. This isn't a good practice.

 

[pat0]

Where do you see this usernames? On CentOS 7.x with default kernel and jailshell/bubblewrap enabled there's no other usernames visible in /etc/passwd, commands like top, ps, who etc.
Check if your users have /bin/jailshell instead of /bin/bash in /etc/passwd file.

 

[Richard G]

Where do you see this usernames?

I think ls -la /home is used or something like that.

 

[djcart]

In the 'passwd' file, I see various configurations. None of them is '/bin/jailshell'

 

[Ohm J]

about jailshell, you need manual disable, and enable ssh again for old user.

 

[pat0]

In the 'passwd' file, I see various configurations. None of them is '/bin/jailshell'
View attachment 7115

You must change it to /bin/jailshell (or /usr/bin/jailshell - check where you have it) for those users who should have ssh access with jail.
According to documentation it should happen automatically when you modify user (https://docs.directadmin.com/change...ewrap-jail-for-ssh-crons-beta-templates-skins):
Any sshd related changes will save /usr/bin/jailshell (if exists) to that User's shell in /etc/passwd.
Any cron changes will save SHELL=/usr/bin/jailshell (if exists) in that User's crontab.

 

[djcart]

If anyone is using the CloudLinux and DA configuration, please check if you're also experiencing this issue. Namely, when a user establishes a direct connection through PuTTY, they can navigate beyond their home directory and access system files! They can even edit them! This only happens when establishing a direct connection through PuTTY. If you use the "su user" command, this problem doesn't occur.

I've reached out to CloudLinux technical support and I'm awaiting their response.

 

[copernic]

Just a suggestion,
You might want to disable jail if you use CageFS, both do the same job and their interaction can cause problems.

 

[djcart]

jail in config file is disable