Thread: RE: [Chrootssh-users] Chroot not working
From: John R. <JR...@da...> - 2003-08-07 08:19:20

You could have just installed the rpm then replaced the binary. That would give you all the relevant autostart functionality.

However, the appropriate /rc.d/ script wouldn't be hard to put together - your easier alternative would be an inittab entry...

If you are not getting chrooted then the patch isn't working. Assuming you have built a complete chroot jail then you should see your path as /test/
If you have not built a file system under the jail then you'll not get to log in, because there will be no shell for you to use.

HTH

John

-----Original Message-----
From: Michael Robokoff [mailto:mr...@mr...]
Sent: 06 August 2003 18:49
To: chr...@li...
Subject: [Chrootssh-users] Chroot not working

I am running redhat 9, I removed all the ssh rpms and got the pre patched tarball. I installed it as indicated and I tested the chroot function and that works fine. The w problems I see is I have to manually start sshd. I think a /etc/rc.d/init.d/ script would be nice. Other than that I can ssh in but chroot does not appear to work. I have the user's path as /home/./test in the password file and the actual path is /home/test.

Does anyone have any ideas?

All help is appreciated.

--Mike

From: John R. <JR...@da...> - 2003-08-07 13:57:28

The passwd file needs /./ (which your directory has)

Are you sure that is still present (in the passwd file)?
You are sure you have the right tarball... (Worth checking)
Have you got debug output from the server (run it manually with -ddd)?

It is only a few lines of code change to the server binary so a straight swap of that would have done the trick. (Still would if you decided to reinstall)

As your chroot jail is working FOR ROOT (who may have extra permissions on the files therein) we can assume that the file system in your chroot jail is OK. [The symptoms of it not being OK would be that the SSH session would log straight back out again, we're not there yet so I'll ignore it for the mo.]

The debug output should help determine why it isn't chrooting.

Cheers

-----Original Message-----
From: Michael Robokoff [mailto:mr...@mr...]
Sent: 07 August 2003 14:50
To: John Robson
Cc: chr...@li...
Subject: Re: [Chrootssh-users] Chroot not working

I did put together a script to start it. I didn't know however you could just replace the binary. That would have been a lot easier. Anyway ssh works fine, I can log in as my test user but I do not get chrooted. So I login as root and run the chroot command to that dir and it works fine, all the necessary libraries are in place and work. When you say "If you have not built a file system under the jail" I assume you mean creating the necessary sub directories with the necessary files in them for the shell which tested fine by manually running the command.

Am I missing something with the dot? I just added the dot to the home dir path in the etc/passwd file.

--Mike

From: Michael R. <mr...@mr...> - 2003-08-07 15:52:02

I did some checking and it looks as though I did indeed have the wrong tarball. I am very sorry about that. I must have got crossed up somewhere when I was going to download it.

Ok, with that behind me now I have a different problem.

When I:
ssh -l test whatever.com

I get:
te...@wh...'s password:
Connection to whatever.com closed by remote host.
Connection to whatever.com closed.

The end of the debug output is this:

Accepted password for test from xxx.xxx.xxx.xxx port 43559 ssh2
debug3: mm_send_keystate: Sending new keys: 0x808b440 0x808a700
debug3: mm_newkeys_to_blob: converting 0x808b440
debug3: mm_newkeys_to_blob: converting 0x808a700
debug3: mm_send_keystate: New keys have been sent
debug3: mm_send_keystate: Sending compression state
debug3: mm_request_send entering: type 24
debug3: mm_send_keystate: Finished sending state
debug3: mm_newkeys_from_blob: 0x8092890(118)
debug2: mac_init: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 0x8092890(118)
debug2: mac_init: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug1: permanently_set_uid: 530/200
debug2: set_newkeys: mode 0
debug2: set_newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug1: fd 7 setting O_NONBLOCK
debug1: fd 8 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug2: User child is on pid 21794
debug3: mm_request_receive entering
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
login_get_lastlog: Cannot find account for uid 530
debug1: Calling cleanup 0x8061d58(0x0)
debug1: channel_free: channel 0: server-session, nchannels 1
debug3: channel_free: status: The following connections are open:\015
  #0 server-session (t10 r0 i0/0 o0/0 fd -1/-1)\015
debug3: channel_close_fds: channel 0: r -1 w -1 e -1
debug1: Calling cleanup 0x8068a08(0x0)

I think the real clue here is
login_get_lastlog: Cannot find account for uid 530

But the account does exist in the passwd file.

--Mike

John Robson wrote:

>You aren't actually at the point where that is significant - The debug output
>would be the most helpful thing at this point.
>
>Cheers
>
>John
>
>
>-----Original Message-----
>From: Michael Robokoff [mailto:mr...@mr...]
>Sent: 07 August 2003 15:06
>To: John Robson; chrootssh-users-request
>Subject: Re: [Chrootssh-users] Chroot not working
>
>
>I tried moving the dot to see if that had any effect. I know
>it should change the location of the new root. Anyway
>here is my passwd file entry for this user:
>
>test:x:530:200:Test User:/home/test/./:/bin/sh
>
>--Mike

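Added example, not part of the thread or of the chrootssh project: a shell pre-flight check for the setup discussed above. It splits the passwd home field at the /./ marker and checks that the jail holds the home directory, the shell and an etc/passwd entry for the uid; the last check assumes that account lookups after chroot() read the jail's own etc/passwd, which the thread does not confirm. The PREFIX argument and the sample tree are constructed for the demonstration.

```shell
# Added example: audit a chrootssh-style account whose passwd home field
# marks the jail root with "/./" (function names are hypothetical).

# Part of the home field before the first "/./": the directory sshd chroots to.
jail_root() {
    case "$1" in
        */./*) r=${1%%/./*}; printf '%s\n' "${r:-/}" ;;
        *) return 1 ;;
    esac
}

# Part after the marker: the home directory as seen from inside the jail.
jail_home() {
    case "$1" in
        */./*) printf '/%s\n' "${1#*/./}" ;;
        *) return 1 ;;
    esac
}

# audit_jail PASSWD_LINE [PREFIX]: returns the number of problems found.
# PREFIX (test hook) is prepended to the jail root to audit a constructed tree.
audit_jail() {
    line=$1; prefix=${2:-}; problems=0
    uid=$(printf '%s\n' "$line" | cut -d: -f3)
    home=$(printf '%s\n' "$line" | cut -d: -f6)
    shell=$(printf '%s\n' "$line" | cut -d: -f7)
    if ! root=$(jail_root "$home"); then
        echo "FAIL: home '$home' has no /./ marker, login would not be chrooted"
        return 1
    fi
    jail=$prefix$root
    inner=$(jail_home "$home")
    if [ ! -d "$jail$inner" ]; then
        echo "FAIL: home $inner missing inside jail $jail"
        problems=$((problems + 1))
    fi
    if [ ! -x "$jail$shell" ]; then
        echo "FAIL: shell $shell missing or not executable inside jail $jail"
        problems=$((problems + 1))
    fi
    # Assumption: after chroot(), uid lookups read the jail's own etc/passwd.
    if ! { [ -r "$jail/etc/passwd" ] &&
           awk -F: -v u="$uid" '$3 == u { ok = 1 } END { exit !ok }' "$jail/etc/passwd"; }; then
        echo "FAIL: no entry for uid $uid in $jail/etc/passwd"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: jail $jail, home $inner, shell $shell"
    return "$problems"
}

# Constructed sample tree: the thread's passwd entry against a jail with a
# stand-in shell but no etc/passwd, then the same jail with the account added.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/test/bin" "$tmp/home/test/etc"
    printf '#!/bin/sh\n' > "$tmp/home/test/bin/sh"
    chmod 755 "$tmp/home/test/bin/sh"
    entry='test:x:530:200:Test User:/home/test/./:/bin/sh'
    audit_jail "$entry" "$tmp" || true
    echo 'test:x:530:200:Test User:/:/bin/sh' > "$tmp/home/test/etc/passwd"
    audit_jail "$entry" "$tmp" || true
    rm -rf "$tmp"
}
demo
```

The check does not cover the shared libraries a dynamically linked shell needs inside the jail; those still have to be verified separately, for example by running chroot by hand as described in the thread.
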
From: Michael R. <mr...@mr...> - 2003-08-08 12:32:38

These are from the new tarball.

--Mike

John Robson wrote:

> Try getting the right tarball and start again

From: Michael R. <mr...@mr...> - 2003-08-07 13:49:55

I did put together a script to start it. I didn't know however you could just replace the binary. That would have been a lot easier. Anyway ssh works fine, I can log in as my test user but I do not get chrooted. So I login as root and run the chroot command to that dir and it works fine, all the necessary libraries are in place and work. When you say "If you have not built a file system under the jail" I assume you mean creating the necessary sub directories with the necessary files in them for the shell which tested fine by manually running the command.

Am I missing something with the dot? I just added the dot to the home dir path in the etc/passwd file.

--Mike