chrootssh-users Mailing List for OpenSSH Chroot Patch (Page 35)
From: James D. <jd...@la...> - 2003-03-28 16:52:17
Can you explain a little more? If it is applying the patch, and everything is installed correctly, you should be able to test this by placing a '.' in the user's home directory entry in /etc/passwd. If you haven't built the chroot but want to test if the patch is working, try logging in; you will be rejected right away with a '.' in place and you will log in fine without it.

-James

jb...@in... wrote:
> I am using gentoo 1.4 and I had edited my openssh 3.5 ebuild file to apply
> the chroot patch. When I emerge it, it does apply the patch successfully
> but sshd doesn't seem to chroot to the home dir at all. Any ideas?
>
> Here is the output from my emerge so I know it's being patched.
>
>     >>> md5 ;-) openssh-3.5p1.tar.gz
>     >>> md5 ;-) osshChroot-3.5.diff
>     >>> Unpacking source...
>     >>> Unpacking openssh-3.5p1.tar.gz to /var/tmp/portage/openssh-3.5_p1-r1/work
>     >>> Unpacking osshChroot-3.5.diff to /var/tmp/portage/openssh-3.5_p1-r1/work
>     unpack osshChroot-3.5.diff: file format not recognized. Ignoring.
>      * Applying osshChroot-3.5.diff...
>     [ ok ]>>> Source unpacked.
>
>     epatch ${DISTDIR}/osshChroot-3.5.diff || die
>
> That is the line I used to do the patch so if it wasn't patching, it
> should die there.

--
James Dennis
Harvard Law School

"Not everything that counts can be counted, and not everything that can be counted counts."

From: James D. <jd...@la...> - 2003-03-28 16:50:01
Looks like it wants the command groups inside the chroot. Do you have anything specific about your environment that would require that? It's probably safe to put it in in case you're unsure.

Mike Hill wrote:
> I've been at this for some time now and I'm getting well frustrated so
> someone please help ;o)
> I get the following message in SSH debug mode when I try to connect
>
>     login_get_lastlog: Cannot find account for uid 505.
>
> When using WINSCP I get
>
>     Command "groups"
>     failed with return code 127 and error message
>     /usr/bin/groups: id: command not found.
>
> and then it lets me in.
>
> I've checked the chroot directory structure numerous times and all seems
> well.
>
> Thanks
>
> Mike

--
James Dennis
Harvard Law School

"Not everything that counts can be counted, and not everything that can be counted counts."

From: Steve S. <st...@ki...> - 2003-03-25 18:18:51
On Tue, 25 Mar 2003, Serghej Petrov wrote:

> I've downloaded from http://chrootssh.sourceforge.net/ patched version of
> OpenSSH (openssh-3.5p1-chroot.tar.gz), compiled and installed.
> But if I chroot user in /etc/passwd (
> pippo:x:506:506::/home/pippo/./:/bin/bash )
> After authentication connection is closed by sshd server... Why? Without
> /./ in password file everything is ok.

My guess would be that you haven't set up the chroot environment with all of the binaries and libraries it needs. In particular, there needs to be a copy of bash in /home/pippo/bin and any shared libraries it needs in /home/pippo/lib.

--Steve

"Perhaps God gave man free will so he could choose to stop those who had chosen evil." <James Lileks>

From: Serghej P. <sp...@ti...> - 2003-03-25 16:12:13
Hello

I've downloaded from http://chrootssh.sourceforge.net/ patched version of OpenSSH (openssh-3.5p1-chroot.tar.gz), compiled and installed.
But if I chroot user in /etc/passwd ( pippo:x:506:506::/home/pippo/./:/bin/bash )
After authentication connection is closed by sshd server... Why? Without /./ in password file everything is ok.

Please help.

Best
Serghej

From: <jb...@in...> - 2003-03-25 15:08:23
I am using gentoo 1.4 and I had edited my openssh 3.5 ebuild file to apply the chroot patch. When I emerge it, it does apply the patch successfully but sshd doesn't seem to chroot to the home dir at all. Any ideas?

Here is the output from my emerge so I know it's being patched.

    >>> md5 ;-) openssh-3.5p1.tar.gz
    >>> md5 ;-) osshChroot-3.5.diff
    >>> Unpacking source...
    >>> Unpacking openssh-3.5p1.tar.gz to /var/tmp/portage/openssh-3.5_p1-r1/work
    >>> Unpacking osshChroot-3.5.diff to /var/tmp/portage/openssh-3.5_p1-r1/work
    unpack osshChroot-3.5.diff: file format not recognized. Ignoring.
     * Applying osshChroot-3.5.diff...
    [ ok ]>>> Source unpacked.

    epatch ${DISTDIR}/osshChroot-3.5.diff || die

That is the line I used to do the patch so if it wasn't patching, it should die there.

From: Mike H. <mik...@na...> - 2003-03-21 10:06:07
I've been at this for some time now and I'm getting well frustrated so someone please help ;o)
I get the following message in SSH debug mode when I try to connect

    login_get_lastlog: Cannot find account for uid 505.

When using WINSCP I get

    Command "groups"
    failed with return code 127 and error message
    /usr/bin/groups: id: command not found.

and then it lets me in.

I've checked the chroot directory structure numerous times and all seems well.

Thanks

Mike

From: James D. <jd...@la...> - 2003-03-07 15:02:49
This email is NOT sponsored by Etnus. This is not meant to imply I have any sort of opinion regarding Etnus. I'm actually quite annoyed Sourceforge decided to tack that on without saying Sourceforge's email services are sponsored by Etnus. None of my emails have any sponsors... wow I'm annoyed by this...

-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Chrootssh-users mailing list
Chr...@li...
https://lists.sourceforge.net/lists/listinfo/chrootssh-users

From: James D. <jd...@la...> - 2003-03-07 14:54:15
Hey Everyone,

It has been brought to my attention that the patch for 3.5 is not working quite correctly for everyone. It seems to work fine for me at home and here at the Law School on the testing system so I am not quite sure what is going on.

I'm going to do an unusual thing by suggesting to use 3.4 until 3.6 comes out on the 17th (tentative, but likely) where I will contact the people having issues to have them help me test the new patch release. I will be working on the patch a few days before 3.6 comes out to try and match the release date.

I will also be leaving my position at the Law School as my co-op session (I'm a student at Northeastern in Boston, hence the co-op) ends on the 17th so expect all future email from ja...@fi... (my personal address).

--
James Dennis
Harvard Law School

"Not everything that counts can be counted, and not everything that can be counted counts."

From: James D. <jd...@la...> - 2003-01-31 15:08:49
Hey everyone,

I've put up a new public key. 1024 is a bit short in key length (as we all should know at this point) and I had it for a while so I've switched to a larger keysize (4096, should be good until quantum computers come out and ruin modern cryptography!).

Anyway, if you use pgp/gpg please grab the key as I'll be signing every message that goes out from ja...@fi... with it.

--
James Dennis
Harvard Law School
617-596-7272

"Not everything that counts can be counted, and not everything that can be counted counts."

From: James D. <jd...@la...> - 2003-01-29 21:01:05
Hey Oliver,

I have put documentation explaining how this can be done on the chrootssh sourceforge site. Have you checked there?

-James

Oliver Bantke wrote:
> Hi,
>
> I'm kinda new to this kind of "user-stuff", so I already apologize in
> advance....
>
> I think I managed to install the chroot patch for my OpenSSH Installation,
> but I can't figure out how to set up the shell/chroot for the user, like
> where
> to put the directories....so if anyone could point me into the right
> direction I would appreciate it.
>
> Thx for your time
>

From: Oliver B. <Oli...@gm...> - 2003-01-29 20:56:04
Hi,

I'm kinda new to this kind of "user-stuff", so I already apologize in advance....

I think I managed to install the chroot patch for my OpenSSH Installation, but I can't figure out how to set up the shell/chroot for the user, like where to put the directories....so if anyone could point me into the right direction I would appreciate it.

Thx for your time

From: James D. <jd...@la...> - 2003-01-23 19:26:07
Hey everyone,

I have decided to start putting up patched tarballs in addition to the patches. I have to run this by the OpenSSH people first though. This comes as a result of people having difficulty applying the patches and because I like to use the gnu patch and diff. Turns out many systems don't have them installed (at their loss ;) after all.

A message came into the mailing list almost immediately after I made this change! You guys/gals are quick!

--
James Dennis
Harvard Law School

"Not everything that counts can be counted, and not everything that can be counted counts."

From: Nico Kadel-G. <nk...@ve...> - 2003-01-22 04:47:39
Folks, I just tried to download the chrootssh patches from http://chrootssh.sourceforge.net/patches/. They seem unable to be downloaded with Internet Exploder, I'm not sure why. I had to use lynx to get them.

The 3.5 patch seems to do the right things, but it doesn't address adding a chroot option to the configure scripts. Would you welcome an additional patch to do this?

And if I nail down a decent chroot cage builder, would that be helpful? I've written these before, and might be able to find time to update them appropriately.

From: Steve S. <st...@ki...> - 2002-12-20 18:36:47
On Mon, 16 Dec 2002, Dunn, Delain O wrote:

> I created a bin dir in the user's home, and copied ssh-dummy-shell into
> it. I ssh to the account and now I get a different message:
>
>     Last login: Thu Dec 12 2002 11:16:06 -0600 from neo
>     No mail.
>     ssh-dummy-shell: Cannot find /usr/lib/ld.so.1
>     Connection to cronus.lmtas.lmco.com closed.
>
> And I've checked that lib does exist, do I need to move the shell up one
> dir?

You will need a usr/lib in the chroot jail. I also usually set up a sym link from a lib in the chroot jail to the usr/lib that I build there. Then you will need to copy the ld.so.1 from /usr/lib to the usr/lib in the chroot jail. If you have other binaries that need access in the chroot jail, you can find out what dynamic libraries they need by using ldd.

--Steve

"Perhaps God gave man free will so he could choose to stop those who had chosen evil." <James Lileks>

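The two checks Steve's replies on this page call for (a copy of the login shell inside the jail, and every shared library `ldd` lists for it), as an added shell example that is not part of any post or of the chrootssh project. The function names and the `LDD` override are hypothetical; the `/./` marker handling follows the passwd entries quoted in the posts.

```shell
#!/bin/sh
# Added example: pre-flight check for a "/./" chroot account. All function
# names are hypothetical; nothing here comes from the chrootssh patch itself.

LDD=${LDD:-ldd}   # overridable so the check can be exercised without real binaries

# jail_root HOME_FIELD: print the directory before the "/./" marker, or
# return 1 when the passwd home field carries no marker (account not jailed).
jail_root() {
    case $1 in
        */./*) printf '%s\n' "${1%%/./*}" ;;
        *)     return 1 ;;
    esac
}

# ldd_paths: read ldd output on stdin, print one absolute library path per
# line. Entries without a path (linux-vdso, "not found") are skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# jail_missing JAIL SHELL: print each path the login shell needs that is
# absent under JAIL. Libraries are resolved from the host copy of SHELL,
# which assumes the jail will hold the same binary.
jail_missing() {
    jm_jail=$1; jm_shell=$2
    [ -x "$jm_jail$jm_shell" ] || printf '%s\n' "$jm_shell"
    $LDD "$jm_shell" 2>/dev/null | ldd_paths | while read -r jm_lib; do
        [ -e "$jm_jail$jm_lib" ] || printf '%s\n' "$jm_lib"
    done
}

# check_entry PASSWD_LINE: report on one account; returns 1 if the jail
# is incomplete, 0 if it looks complete or the account is not chrooted.
check_entry() {
    IFS=: read -r ce_user ce_pw ce_uid ce_gid ce_gecos ce_home ce_shell <<EOF
$1
EOF
    ce_jail=$(jail_root "$ce_home") || { echo "$ce_user: no /./ marker, not chrooted"; return 0; }
    ce_missing=$(jail_missing "$ce_jail" "$ce_shell")
    if [ -z "$ce_missing" ]; then
        echo "$ce_user: jail $ce_jail looks complete"
        return 0
    fi
    echo "$ce_user: jail $ce_jail is missing:"
    printf '%s\n' "$ce_missing" | sed "s|^|  $ce_jail|"
    return 1
}

# passwd entries quoted in the posts on this page
check_entry 'pippo:x:506:506::/home/pippo/./:/bin/bash' || :
check_entry 'mikechr:x:504:506::/chroot/./home/mikechr:/bin/sh' || :
```

Other files a jail may need, such as the /dev nodes and trimmed /etc/passwd mentioned elsewhere on this page, are outside what this check covers.
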
From: Herald v. d. B. <he...@br...> - 2002-12-20 14:27:26
The chroot patch works great! Thanks!

I needed to copy extra and other files than mentioned in http://chrootssh.sourceforge.net/docs/chrootedsftp.html for my system (RedHat 8). I needed in addition /dev files (I did a "MAKEDEV -d . null zero tty" but this is probably more than needed) and /etc/passwd and /etc/shadow (which I cleaned up a bit). The needed libraries were different. I installed:

    $ ls lib usr/lib
    lib:
    ld-linux.so.2  libattr.so.1    libc.so.6   libnsl.so.1     libtermcap.so.2
    libacl.so.1    libcrypto.so.2  libdl.so.2  libresolv.so.2  libutil.so.1

    usr/lib:
    libcom_err.so.3  libk5crypto.so.3  libkrb5.so.3  libz.so.1

But some of them were not required for sftp. Now everything works great, even for bash.

Regards,
Herald

From: Dunn, D. O <del...@lm...> - 2002-12-16 17:27:57
Hi Steve,

I created a bin dir in the user's home, and copied ssh-dummy-shell into it. I ssh to the account and now I get a different message:

    Last login: Thu Dec 12 2002 11:16:06 -0600 from neo
    No mail.
    ssh-dummy-shell: Cannot find /usr/lib/ld.so.1
    Connection to cronus.lmtas.lmco.com closed.

And I've checked that lib does exist, do I need to move the shell up one dir?

-----Original Message-----
From: Steve Schlaifer [mailto:st...@ki...]
Sent: Sunday, December 15, 2002 6:21 PM
To: Dunn, Delain O
Cc: 'chr...@li...'; 'ja...@fi...'
Subject: Re: [Chrootssh-users] Connection: /bin/ssh-dummy-shell: No such file or directory

On Thu, 12 Dec 2002, Dunn, Delain O wrote:

> I hope you can help me, since I have not seen this problem posted on the
> web anywhere. I'm currently running SSH Secure Shell 3.2.0 on Solaris 8.
> I've successfully set up ChRootGroups so when my users sftp into the server,
> they are not able to change directories. But when they try to SSH into the
> server they get the following error message:
>
>     Authentication successful.
>     Last login: Wed Dec 11 2002 15:07:54 -0600 from neo
>     No mail.
>     /bin/ssh-dummy-shell: No such file or directory
>     Connection to server closed.
>
> Any clues as to what I may be missing? Like I said this is working fine
> with sftp, I've edited the /etc/passwd file so the user's shell is set to
> /bin/ssh-dummy-shell, and I have included the shell in /etc/shells file.

Did you put the ssh-dummy-shell inside the bin directory inside the chroot jail area or just inside the system /bin?

--Steve

"Perhaps God gave man free will so he could choose to stop those who had chosen evil." <James Lileks>

From: Steve S. <st...@ki...> - 2002-12-16 00:22:06
On Thu, 12 Dec 2002, Dunn, Delain O wrote:

> I hope you can help me, since I have not seen this problem posted on the
> web anywhere. I'm currently running SSH Secure Shell 3.2.0 on Solaris 8.
> I've successfully set up ChRootGroups so when my users sftp into the server,
> they are not able to change directories. But when they try to SSH into the
> server they get the following error message:
>
>     Authentication successful.
>     Last login: Wed Dec 11 2002 15:07:54 -0600 from neo
>     No mail.
>     /bin/ssh-dummy-shell: No such file or directory
>     Connection to server closed.
>
> Any clues as to what I may be missing? Like I said this is working fine
> with sftp, I've edited the /etc/passwd file so the user's shell is set to
> /bin/ssh-dummy-shell, and I have included the shell in /etc/shells file.

Did you put the ssh-dummy-shell inside the bin directory inside the chroot jail area or just inside the system /bin?

--Steve

"Perhaps God gave man free will so he could choose to stop those who had chosen evil." <James Lileks>

From: Dunn, D. O <del...@lm...> - 2002-12-12 17:26:12
Hello,

I hope you can help me, since I have not seen this problem posted on the web anywhere. I'm currently running SSH Secure Shell 3.2.0 on Solaris 8. I've successfully set up ChRootGroups so when my users sftp into the server, they are not able to change directories. But when they try to SSH into the server they get the following error message:

    Authentication successful.
    Last login: Wed Dec 11 2002 15:07:54 -0600 from neo
    No mail.
    /bin/ssh-dummy-shell: No such file or directory
    Connection to server closed.

Any clues as to what I may be missing? Like I said this is working fine with sftp, I've edited the /etc/passwd file so the user's shell is set to /bin/ssh-dummy-shell, and I have included the shell in /etc/shells file.

Let me know your thoughts, & if you need more info.

Thanks,
Delain

From: Jeremy H. <je...@so...> - 2002-12-06 22:35:21
Hi,

I was going to write you about an error I've been having, but I just fixed it somehow so I'm just sending this to you to say thanks for the patch!

Jeremy Hein

--
"Nothing would please me more than being able to hire ten programmers and deluge the hobby market with good software." -- Bill Gates 1976

We are still waiting ....

From: Michael W. <mi...@ne...> - 2002-11-07 13:15:25
Hello,

I am using Red Hat 7.2 and tried with openssh 3.3 and openssh 3.5, but the results are the same. My problem is when chroot users try to login, they cannot. Non-chroot users are ok. Also, when I try 'chroot /chroot /bin/ls' it works ok. This is what I am getting:

    [root@furry root]# chroot /chroot /bin/sh
    sh-2.05# ls -l
    total 20
    drwxr-xr-x 2 0 0 4096 Nov 7 02:27 bin
    drwxr-xr-x 2 0 0 4096 Nov 7 01:15 dev
    drwxr-xr-x 3 0 0 4096 Nov 7 01:17 home
    drwxr-xr-x 2 0 0 4096 Nov 7 01:11 lib
    drwxr-xr-x 2 0 0 4096 Nov 7 01:07 usr

(so looks like chroot is ok?)

-------------------------------------------------------------------------

    ssh root@0
    root@0's password:
    Last login: Thu Nov 7 13:44:02 2002 from 192.168.102.1
    [root@furry root]#

(root could login fine)

-------------------------------------------------------------------------

    [root@furry root]# ssh mike@0
    mike@0's password:
    Last login: Thu Nov 7 13:23:30 2002 from 192.168.102.1

(non-chroot users could login)

-------------------------------------------------------------------------

    [root@furry root]# ssh mikechr@0
    mikechr@0's password:
    Connection to 0 closed by remote host.
    Connection to 0 closed.

(chroot users cannot login :-(, his line from passwd: mikechr:x:504:506::/chroot/./home/mikechr:/bin/sh)

I tried also to compile openssh with pam support, but nothing changes.

Any help will be appreciated!

Thanks,
Mike.

From: Nico Kadel-G. <nk...@be...> - 2002-07-23 03:37:33
Folks? We need to attribute patches. And the patches should include the changes to configure.ac to include it as merely an option, because enabling it without warning can do *oddities* with ftp installations.

In any case, you can take a look at my previous work at http://www.merl.com/people/nkadel/. I've also got a little widget there to build chrootable directories, suitable for generation on the fly and easily updated for library changes.

Enjoy....

Nico Kadel-Garcia
nk...@be...

From: Jose C. <ja...@co...> - 2002-06-05 12:09:30
--
Jose Celestino <ja...@co...>
SAPO.pt::Systems http://www.sapo.pt
---------------------------------------------------------------------
Quod licet Iovi non licet bovi. (What Jove may do, is not permitted to a cow.)

From: Jean-Michel P. <jm....@fr...> - 2002-05-29 16:47:27
|
From: James D. <jd...@la...> - 2002-05-28 19:08:46
Just making sure this works.

-James