Re: [Chrootssh-users] Chroot not working
Brought to you by:
punkball
Menu
▾
▴
Re: [Chrootssh-users] Chroot not working
|
From: Michael R. <mr...@mr...> - 2003-08-08 12:32:38
|
These are from the new tarball. --Mike John Robson wrote: > Try getting the right tarball and start again > > -----Original Message----- > From: Michael Robokoff [mailto:mr...@mr...] > Sent: 07 August 2003 16:52 > To: 'chr...@li...' > Cc: John Robson > Subject: Re: [Chrootssh-users] Chroot not working > > I did some checking and it looks as though I did indeed have the > wrong tarball. I am very sorry about that. I must have got crossed > up somewhere when I was going to down load it. > > Ok, with that behind me now I have a different problem. > > When I : > ssh -l test whatever.com > > I get: > te...@wh...'s password: > Connection to whatever.com closed by remote host. > Connection to whatever.com closed. > > The end of the debug output is this: > > Accepted password for test from xxx.xxx.xxx.xxx port 43559 ssh2 > debug3: mm_send_keystate: Sending new keys: 0x808b440 0x808a700 > debug3: mm_newkeys_to_blob: converting 0x808b440 > debug3: mm_newkeys_to_blob: converting 0x808a700 > debug3: mm_send_keystate: New keys have been sent > debug3: mm_send_keystate: Sending compression state > debug3: mm_request_send entering: type 24 > debug3: mm_send_keystate: Finished sending state > debug3: mm_newkeys_from_blob: 0x8092890(118) > debug2: mac_init: found hmac-md5 > debug3: mm_get_keystate: Waiting for second key > debug3: mm_newkeys_from_blob: 0x8092890(118) > debug2: mac_init: found hmac-md5 > debug3: mm_get_keystate: Getting compression state > debug3: mm_get_keystate: Getting Network I/O buffers > debug3: mm_share_sync: Share sync > debug3: mm_share_sync: Share sync end > debug1: permanently_set_uid: 530/200 > debug2: set_newkeys: mode 0 > debug2: set_newkeys: mode 1 > debug1: Entering interactive session for SSH2. > debug1: fd 7 setting O_NONBLOCK > debug1: fd 8 setting O_NONBLOCK > debug1: server_init_dispatch_20 > debug2: User child is on pid 21794 > debug3: mm_request_receive entering > debug1: server_input_channel_open: ctype session rchan 0 win 65536 > max 16384 > debug1: input_session_request > debug1: channel 0: new [server-session] > debug1: session_new: init > debug1: session_new: session 0 > debug1: session_open: channel 0 > debug1: session_open: session 0: link with channel 0 > debug1: server_input_channel_open: confirm session > debug1: server_input_channel_req: channel 0 request pty-req reply 0 > debug1: session_by_channel: session 0 channel 0 > debug1: session_input_channel_req: session 0 req pty-req > login_get_lastlog: Cannot find account for uid 530 > debug1: Calling cleanup 0x8061d58(0x0) > debug1: channel_free: channel 0: server-session, nchannels 1 > debug3: channel_free: status: The following connections are open:\015 > #0 server-session (t10 r0 i0/0 o0/0 fd -1/-1)\015 > > debug3: channel_close_fds: channel 0: r -1 w -1 e -1 > debug1: Calling cleanup 0x8068a08(0x0) > > > I think the real clue here is > login_get_lastlog: Cannot find account for uid 530 > > But the account does exist in the passwd file. > > --Mike > > > John Robson wrote: > >>You are't actually at the point where that is significant - The debug output >>would be the most helpful thing at this point. >> >>Cheers >> >>John >> >> >>-----Original Message----- >>From: Michael Robokoff [mailto:mr...@mr...] >>Sent: 07 August 2003 15:06 >>To: John Robson; chrootssh-users-request >>Subject: Re: [Chrootssh-users] Chroot not working >> >> >>I tried moving the dot to see if that had any effect. I know >>it should change the location of the new root. Anyway >>here is my passwd file entry for this user: >> >>test:x:530:200:Test User:/home/test/./:/bin/sh >> >>--Mike >> >> >> >>John Robson wrote: >> >> >> >>>The passwd file needs /./ (which your directory has) >>> >>>Are you sure that is still present (in the passwd file)? >>>You are sure you have the right tarball... (Worth checking) >>>Have you got debug output from the server (run it manually with -ddd) >>> >>>It is only a few lines of code change to the server binary so a straight >>>swap of that would have done the trick. (Still would if you decided to >>>reinstall) >>> >>>As your chroot jail is working FOR ROOT (who may have extra permisisons on >>>the files therein) we can assume that the file system in yout chroot jail >>> >>> >>is >> >> >>>OK. [The sysmptoms of it not being OK would be that the SSH session would >>>log straight back out again, we're not there yet so I'll ignore it for the >>>mo.] >>> >>>The debug output should help determine why it isn't chrooting. >>> >>>Cheers >>> >>>-----Original Message----- >>>From: Michael Robokoff [mailto:mr...@mr...] >>>Sent: 07 August 2003 14:50 >>>To: John Robson >>>Cc: chr...@li... >>>Subject: Re: [Chrootssh-users] Chroot not working >>> >>> >>>I did put together a script to start it. I didn't know however you could >>>just >>>replace the binary That would have been a lot easier. Anyway ssh works >>>fine I can log in as my test user but I do not get chrooted. So I login as >>>root and run the chroot command to that dir and it works fine all the >>>necessary libraries are in place and work. When you say " If you have not >>>built a file system under the jail" I assume you mean creating the >>>necessary >>>sub directories with the necessary files in them for the shell which >>>tested fine >>>by manually running the command. >>> >>>Am I missing something with the dot? I just added the dot to the home dir >>>path in the etc/passwd file. >>> >>>--Mike >>> >>> >>>John Robson wrote: >>> >>> >>> >>> >>> >>>>You could have just installed the rpm then replaced the binary. That >>>> >>>> >>would >> >> >>>>give you all the relevant autostart functionality. >>>> >>>>However, the appropriate /rc.d/ script wouldn't be hard to put together - >>>>your easier alternative would be an inittab entry... >>>> >>>>If you are not getting chrooted then the patch isn't working. Assuming >>>> >>>> >>you >> >> >>>>have built a complete chroot jail then you should see your path as /test/ >>>>If you have not built a file system under the jail then you'll not get to >>>>log in, because there will be no shell for you to use. >>>> >>>>HTH >>>> >>>>John >>>> >>>> >>>>-----Original Message----- >>>>From: Michael Robokoff [mailto:mr...@mr...] >>>>Sent: 06 August 2003 18:49 >>>>To: chr...@li... >>>>Subject: [Chrootssh-users] Chroot not working >>>> >>>> >>>>I am running redhat 9, I removed all the ssh rpms >>>>and got the pre patched tarball. I installed it as >>>>indicated and I tested the chroot function and >>>>that works fine. The w problems I see is I have to >>>>manually start sshd. I think a /etc/rc.d/init.d/ >>>>script would be nice. Other than that I can ssh in >>>>but chroot does not appear to work I have the >>>>users path as /home/./test in the password file and >>>>the actual path is /home/test. >>>> >>>>Does anyone have any ideas? >>>> >>>>All help is appreciated. >>>> >>>>--Mike >>>> >>>> >>>> >>>>------------------------------------------------------- >>>>This SF.Net email sponsored by: Free pre-built ASP.NET sites including >>>>Data Reports, E-commerce, Portals, and Forums are available now. >>>>Download today and enter to win an XBOX or Visual Studio .NET. >>>>http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/0 >>>> >>>> >>1 >> >> >>>>_______________________________________________ >>>>Chrootssh-users mailing list >>>>Chr...@li... >>>>https://lists.sourceforge.net/lists/listinfo/chrootssh-users >>>> >>>> >>>> >>>> >>>> >>>> > |
