chrootssh-users

[Chrootssh-users] CHROOT aspect not working on my Linux 7.2

[Rich R. <rr...@np...>]

I am upgrading the OpenSSH CHROOT versions from 3.2.3p1 to 3.6.1p2, but the
CHROOT aspect isn't working.

I compiled James Dennis' OpenSSH-3.6.1p2-chroot using only this configure
switch: --with-ssl-dir=/usr/local/ssl
but sshd refuses to allow chrooted logins. Version 3.2.3p1 still works fine,
so I know the directories are correctly set up.

Both James' patched version, and the pristine version that I patched (using
James' .diff patch), have the same characteristics: Non-CHROOT logins are
OK, but CHROOT logins fail. I checked sessions.c and the patches are in
place.

The sshd debug logs don't show any differences between the two versions.
When I remove the /./ from the user's entry in /etc/passwd the login works
as expected.

On the client side, using ssh -vvv, the logs are identical until the 169th
line. The following is the working version:
debug1: channel 0: request shell
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
Last login: Fri May 16 10:20:17 2003 from (myserver.mydomain listed here)


Here's the non-working version (3.6.1p2):

debug1: channel 0: request shell
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel_free: channel 0: client-session, nchannels 1
debug3: channel_free: status: The following connections are open:\015
  #0 client-session (t4 r0 i0/0 o0/0 fd 4/5)\015

debug3: channel_close_fds: channel 0: r 4 w 5 e 6
debug1: fd 1 clearing O_NONBLOCK
debug2: fd 2 is not O_NONBLOCK
Connection to (my sshd server's name) closed by remote host.
Connection to (my sshd server's name) closed.
debug1: Transferred: stdin 0, stdout 0, stderr 81 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 7416.9
debug1: Exit status -1

I've reread all the documentation, and googled, but I can't see what's
wrong.

Anyone (James?) see what I'm missing?

Re: [Chrootssh-users] CHROOT aspect not working on my Linux 7.2

[James D. <jd...@la...>]

Could you send server logs too? That's usually much more helpful than 
the client logs.
-James

Rich Rarey wrote:
> I am upgrading the OpenSSH CHROOT versions from 3.2.3p1 to 3.6.1p2, but the
> CHROOT aspect isn't working.
> 
> I compiled James Dennis' OpenSSH-3.6.1p2-chroot using only this configure
> switch: --with-ssl-dir=/usr/local/ssl
> but sshd refuses to allow chrooted logins. Version 3.2.3p1 still works fine,
> so I know the directories are correctly set up.
> 
> Both James' patched version, and the pristine version that I patched (using
> James' .diff patch), have the same characteristics: Non-CHROOT logins are
> OK, but CHROOT logins fail. I checked sessions.c and the patches are in
> place.
> 
> The sshd debug logs don't show any differences between the two versions.
> When I remove the /./ from the user's entry in /etc/passwd the login works
> as expected.
> 
> On the client side, using ssh -vvv, the logs are identical until the 169th
> line. The following is the working version:
> debug1: channel 0: request shell
> debug2: callback done
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> debug2: channel 0: rcvd adjust 131072
> Last login: Fri May 16 10:20:17 2003 from (myserver.mydomain listed here)
> 
> 
> Here's the non-working version (3.6.1p2):
> 
> debug1: channel 0: request shell
> debug2: callback done
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> debug1: channel_free: channel 0: client-session, nchannels 1
> debug3: channel_free: status: The following connections are open:\015
>   #0 client-session (t4 r0 i0/0 o0/0 fd 4/5)\015
> 
> debug3: channel_close_fds: channel 0: r 4 w 5 e 6
> debug1: fd 1 clearing O_NONBLOCK
> debug2: fd 2 is not O_NONBLOCK
> Connection to (my sshd server's name) closed by remote host.
> Connection to (my sshd server's name) closed.
> debug1: Transferred: stdin 0, stdout 0, stderr 81 bytes in 0.0 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 7416.9
> debug1: Exit status -1
> 
> I've reread all the documentation, and googled, but I can't see what's
> wrong.
> 
> Anyone (James?) see what I'm missing?
> 
> 
> -------------------------------------------------------
> Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
> The only event dedicated to issues related to Linux enterprise solutions
> www.enterpriselinuxforum.com
> 
> _______________________________________________
> Chrootssh-users mailing list
> Chr...@li...
> https://lists.sourceforge.net/lists/listinfo/chrootssh-users
> 

-- 
James Dennis
Harvard Law School

"Not everything that counts can be counted,
and not everything that can be counted counts."