Re: [Chrootssh-users] Users not being dropped into chroot shell
From: Aaron M. H. <ah...@le...> - 2003-09-09 13:57:43
As requested I have put the daemon in debug mode and attached to the specified
port as a test user. Here is the output from it:

sh-2.05b# /opt/local/sbin/sshd -d
debug1: sshd version OpenSSH_3.6p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
debug1: Server will not fork when running in debugging mode.
Connection from 192.168.1.1 port 36330
debug1: Client protocol version 2.0; client software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6p1
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user chrootuser service ssh-connection method none
debug1: attempt 0 failures 0
debug1: userauth_banner: sent
Failed none for chrootuser from 192.168.1.1 port 36330 ssh2
Failed none for chrootuser from 192.168.1.1 port 36330 ssh2
debug1: userauth-request for user chrootuser service ssh-connection method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 6013/6013 (e=0/0)
debug1: trying public key file /chroot/./home/chroot/.ssh/authorized_keys
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 6013/6013 (e=0/0)
debug1: trying public key file /chroot/./home/chroot/.ssh/authorized_keys
debug1: restore_uid: 0/0
Failed publickey for chrootuser from 192.168.1.1 port 36330 ssh2
debug1: userauth-request for user chrootuser service ssh-connection method keyboard-interactive
debug1: attempt 2 failures 2
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=chrootuser devs=
debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for chrootuser from 192.168.1.1 port 36330 ssh2
debug1: userauth-request for user chrootuser service ssh-connection method password
debug1: attempt 3 failures 3
Accepted password for chrootuser from 192.168.1.1 port 36330 ssh2
debug1: monitor_child_preauth: chrootuser has been authenticated by privileged process
Accepted password for chrootuser from 192.168.1.1 port 36330 ssh2
debug1: Entering interactive session for SSH2.
debug1: fd 3 setting O_NONBLOCK
debug1: fd 7 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_pty_req: session 0 alloc /dev/pts/1
debug1: server_input_channel_req: channel 0 request x11-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req x11-req
debug1: server_input_channel_req: channel 0 request shell reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: Setting controlling tty using TIOCSCTTY.
debug1: channel 0: rfd 9 isatty
debug1: fd 9 setting O_NONBLOCK
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 25615
debug1: session_exit_message: session 0 channel 0 pid 25615
debug1: channel 0: request exit-status
debug1: session_exit_message: release channel 0
debug1: channel 0: write failed
debug1: channel 0: close_write
debug1: channel 0: output open -> closed
debug1: session_close: session 0 pid 25615
debug1: session_pty_cleanup: session 0 release /dev/pts/1
debug1: channel 0: read<=0 rfd 9 len -1
debug1: channel 0: read failed
debug1: channel 0: close_read
debug1: channel 0: input open -> drain
debug1: channel 0: ibuf empty
debug1: channel 0: send eof
debug1: channel 0: input drain -> closed
debug1: channel 0: send close
debug1: channel 0: rcvd close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: server-session, nchannels 1
Connection closed by 192.168.1.1
Closing connection to 192.168.1.1

So, it appears that I am connecting to the daemon I thought I was, but how do I
verify that it is the patched daemon? I did a diff on the openssh-3.6p1 and
openssh-3.6p1-chroot before installing openssh-3.6p1-chroot and saw 171 lines
that are different, mainly things that are only in the openssh-3.6p1-chroot.
Should the trace show openssh-3.6p1-chroot as the version?

> can you get some trace from the server (run it with debug flags).
> That will help check that you are running the code you think you are.
>
> Cheers
>
> John
>
> -----Original Message-----
> From: Aaron M. Hirsch [mailto:ah...@le...]
> Sent: 08 September 2003 20:45
> To: chr...@li...
> Subject: [Chrootssh-users] Users not being dropped into chroot shell
>
>
> All,
>
> I am attempting to set up a RH9 server and need to allow shell access to
> clients to meet with contract requirements.
>
> I have downloaded openssh-3.6p1-chroot.tar.gz (the pre-patched source) and
> openssl-0.9.7b.tar.gz. I have successfully installed both into /opt/local.
>
> For testing reasons I have this instance of ssh listening on port 2222 and the
> regular sshd daemon listening on port 22.
>
> I can successfully run chroot /chroot /bin/bash and get dropped into the
> chrooted environment. However, when I ssh/scp/sftp into the machine I am not
> getting dropped into the chrooted environment.
>
> aaron@testbox1$ ssh -p 2222 newtest@testbox2
> Use is restricted to Schlumberger authorized users who must
> comply with the Electronic Communications Policy. Usage is
> monitored; unauthorized use will be prosecuted.
> newtest@shogun1's password:
> Last login: Mon Sep 8 13:19:41 from testbox1
> -bash-2.05b$
>
> As you can see I am logging in successfully, but look where I'm put:
> -bash-2.05b$ pwd
> /chroot/./home/newtest
>
> Instead of /home/newtest. Can anyone think of something I may have
> "overlooked", or why I can manually chroot to the environment but not
> automatically during login?
>
> TIA!

--
Aaron M. Hirsch
Systems Administrator II
Schlumberger
11146 Thompson Ave.
Lenexa, KS 66219
Phone: (913) 312-4717
Mobile: (913) 284-9094
Fax: (913) 312-4701
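
Added example, not part of the original message and not chrootssh project code: one way to decide, from the account's home-directory string and what the session reports, whether a login actually landed inside the jail. It assumes the chroot patch marks the jail boundary with "/./" in the home directory, as in the paths quoted in the message; the function names are hypothetical.

```shell
#!/bin/sh
# Assumption: "/./" in the passwd home field separates the jail root from the
# home directory as seen inside the jail (e.g. /chroot/./home/newtest).

# jail_root HOME -> directory before the "/./" marker; fails if no marker
jail_root() {
    case "$1" in
        */./*) printf '%s\n' "${1%%/./*}" ;;
        *) return 1 ;;
    esac
}

# jail_home HOME -> home directory as it should appear from inside the jail
jail_home() {
    case "$1" in
        */./*) printf '/%s\n' "${1#*/./}" ;;
        *) return 1 ;;
    esac
}

# classify_pwd HOME OBSERVED_PWD -> verdict from the `pwd` printed after login
classify_pwd() {
    inside=$(jail_home "$1") || { echo no-marker; return 0; }
    if [ "$2" = "$1" ]; then echo not-chrooted      # marker still visible
    elif [ "$2" = "$inside" ]; then echo chrooted
    else echo unexpected
    fi
}

# classify_root HOME PROC_ROOT -> verdict from the session shell's root,
# obtained as root on Linux with: readlink /proc/<shell pid>/root
classify_root() {
    root=$(jail_root "$1") || { echo no-marker; return 0; }
    case "$2" in
        "$root") echo chrooted ;;
        /) echo not-chrooted ;;
        *) echo unexpected ;;
    esac
}

# Constructed inputs taken from the paths shown in the message.
classify_pwd  /chroot/./home/newtest /chroot/./home/newtest
classify_root /chroot/./home/newtest /
```
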