Re: [Chrootssh-users] Chroot not working
Brought to you by:
punkball
Menu
▾
▴
Re: [Chrootssh-users] Chroot not working
|
From: Michael R. <mr...@mr...> - 2003-08-07 15:52:02
|
I did some checking and it looks as though I did indeed have the wrong tarball. I am very sorry about that. I must have got crossed up somewhere when I was going to down load it. Ok, with that behind me now I have a different problem. When I : ssh -l test whatever.com I get: te...@wh...'s password: Connection to whatever.com closed by remote host. Connection to whatever.com closed. The end of the debug output is this: Accepted password for test from xxx.xxx.xxx.xxx port 43559 ssh2 debug3: mm_send_keystate: Sending new keys: 0x808b440 0x808a700 debug3: mm_newkeys_to_blob: converting 0x808b440 debug3: mm_newkeys_to_blob: converting 0x808a700 debug3: mm_send_keystate: New keys have been sent debug3: mm_send_keystate: Sending compression state debug3: mm_request_send entering: type 24 debug3: mm_send_keystate: Finished sending state debug3: mm_newkeys_from_blob: 0x8092890(118) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Waiting for second key debug3: mm_newkeys_from_blob: 0x8092890(118) debug2: mac_init: found hmac-md5 debug3: mm_get_keystate: Getting compression state debug3: mm_get_keystate: Getting Network I/O buffers debug3: mm_share_sync: Share sync debug3: mm_share_sync: Share sync end debug1: permanently_set_uid: 530/200 debug2: set_newkeys: mode 0 debug2: set_newkeys: mode 1 debug1: Entering interactive session for SSH2. debug1: fd 7 setting O_NONBLOCK debug1: fd 8 setting O_NONBLOCK debug1: server_init_dispatch_20 debug2: User child is on pid 21794 debug3: mm_request_receive entering debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request pty-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req login_get_lastlog: Cannot find account for uid 530 debug1: Calling cleanup 0x8061d58(0x0) debug1: channel_free: channel 0: server-session, nchannels 1 debug3: channel_free: status: The following connections are open:\015 #0 server-session (t10 r0 i0/0 o0/0 fd -1/-1)\015 debug3: channel_close_fds: channel 0: r -1 w -1 e -1 debug1: Calling cleanup 0x8068a08(0x0) I think the real clue here is login_get_lastlog: Cannot find account for uid 530 But the account does exist in the passwd file. --Mike John Robson wrote: >You are't actually at the point where that is significant - The debug output >would be the most helpful thing at this point. > >Cheers > >John > > >-----Original Message----- >From: Michael Robokoff [mailto:mr...@mr...] >Sent: 07 August 2003 15:06 >To: John Robson; chrootssh-users-request >Subject: Re: [Chrootssh-users] Chroot not working > > >I tried moving the dot to see if that had any effect. I know >it should change the location of the new root. Anyway >here is my passwd file entry for this user: > >test:x:530:200:Test User:/home/test/./:/bin/sh > >--Mike > > > >John Robson wrote: > > > >>The passwd file needs /./ (which your directory has) >> >>Are you sure that is still present (in the passwd file)? >>You are sure you have the right tarball... (Worth checking) >>Have you got debug output from the server (run it manually with -ddd) >> >>It is only a few lines of code change to the server binary so a straight >>swap of that would have done the trick. (Still would if you decided to >>reinstall) >> >>As your chroot jail is working FOR ROOT (who may have extra permisisons on >>the files therein) we can assume that the file system in yout chroot jail >> >> >is > > >>OK. [The sysmptoms of it not being OK would be that the SSH session would >>log straight back out again, we're not there yet so I'll ignore it for the >>mo.] >> >>The debug output should help determine why it isn't chrooting. >> >>Cheers >> >>-----Original Message----- >>From: Michael Robokoff [mailto:mr...@mr...] >>Sent: 07 August 2003 14:50 >>To: John Robson >>Cc: chr...@li... >>Subject: Re: [Chrootssh-users] Chroot not working >> >> >>I did put together a script to start it. I didn't know however you could >>just >>replace the binary That would have been a lot easier. Anyway ssh works >>fine I can log in as my test user but I do not get chrooted. So I login as >>root and run the chroot command to that dir and it works fine all the >>necessary libraries are in place and work. When you say " If you have not >>built a file system under the jail" I assume you mean creating the >>necessary >>sub directories with the necessary files in them for the shell which >>tested fine >>by manually running the command. >> >>Am I missing something with the dot? I just added the dot to the home dir >>path in the etc/passwd file. >> >>--Mike >> >> >>John Robson wrote: >> >> >> >> >> >>>You could have just installed the rpm then replaced the binary. That >>> >>> >would > > >>>give you all the relevant autostart functionality. >>> >>>However, the appropriate /rc.d/ script wouldn't be hard to put together - >>>your easier alternative would be an inittab entry... >>> >>>If you are not getting chrooted then the patch isn't working. Assuming >>> >>> >you > > >>>have built a complete chroot jail then you should see your path as /test/ >>>If you have not built a file system under the jail then you'll not get to >>>log in, because there will be no shell for you to use. >>> >>>HTH >>> >>>John >>> >>> >>>-----Original Message----- >>>From: Michael Robokoff [mailto:mr...@mr...] >>>Sent: 06 August 2003 18:49 >>>To: chr...@li... >>>Subject: [Chrootssh-users] Chroot not working >>> >>> >>>I am running redhat 9, I removed all the ssh rpms >>>and got the pre patched tarball. I installed it as >>>indicated and I tested the chroot function and >>>that works fine. The w problems I see is I have to >>>manually start sshd. I think a /etc/rc.d/init.d/ >>>script would be nice. Other than that I can ssh in >>>but chroot does not appear to work I have the >>>users path as /home/./test in the password file and >>>the actual path is /home/test. >>> >>>Does anyone have any ideas? >>> >>>All help is appreciated. >>> >>>--Mike >>> >>> >>> >>>------------------------------------------------------- >>>This SF.Net email sponsored by: Free pre-built ASP.NET sites including >>>Data Reports, E-commerce, Portals, and Forums are available now. >>>Download today and enter to win an XBOX or Visual Studio .NET. >>>http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/0 >>> >>> >1 > > >>>_______________________________________________ >>>Chrootssh-users mailing list >>>Chr...@li... >>>https://lists.sourceforge.net/lists/listinfo/chrootssh-users >>> >>> >>> >>> >>> >>> |
