RE: [Chrootssh-users] Connection closed by remote host
From: Marshall, Pat(Montvale) <Mar...@AP...> - 2004-04-29 13:19:34
I encountered the same problem on AIX. I finally went through the source and tracked down the problem.

The chroot() subroutine can only be run by the root user. The problem is this code snippet in session.c:

    #ifdef HAVE_SETPCRED
            if (setpcred(pw->pw_name, (char **)NULL) == -1)
                    fatal("Failed to set process credentials");
    #endif /* HAVE_SETPCRED */

This changes the UID and the EUID to the user you are logging in as. A few more lines down is where the chroot code is inserted. To get around this problem, I moved the chroot snippet put in by the patch before that code snippet and after this one:

    #ifndef HAVE_CYGWIN
            if (getuid() == 0 || geteuid() == 0)
    #endif /* HAVE_CYGWIN */
            {

All of this is within session.c, and it appears to be the only place that needs to be modified. There are only two CHROOT snippets in the file, anchored by the "#ifdef CHROOT" and "#endif /* CHROOT */" lines. It's the second snippet which needs to be moved (the first is right before the HAVE_CYGWIN snippet).

I don't know if this creates any vulnerabilities in the chroot - my C isn't that good, nor is it frequented very often. If someone else can comment on my modification, please do. Note that the sftplogging patch will apply to the chroot patched code (with or without my modification) with no problems.

Good luck!

Patrick Marshall
Systems Administrator
Great Atlantic & Pacific Tea Co
mar...@ap...

-----Original Message-----
From: chr...@li... [mailto:chr...@li...]On Behalf Of Alapan Arnab
Sent: April 29, 2004 06:15 AM
To: chr...@li...
Subject: [Chrootssh-users] Connection closed by remote host

Hi

I am running Gentoo Linux (2003)... I have tried both the patched download and patching the normal download of openssh3.8p1.

I have applied the OpenSSH patch as described in the howto; and I come across the following problem when I try to ssh/sftp in from a remote system:

    Connection to ... closed by remote host.
    Connection to ... closed.
I have ldd'd the binaries and put the libraries in their appropriate place. My passwd file looks like:

    user1:x:1003:100::/mnt/sftp/./home/user1/:/bin/sh

but I have noticed that when I remove the ./, it works as expected without the chroot jail.

Any idea how to fix?

Alapan
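The ordering constraint from the reply above (chroot() has to run while the process is still root, and only then are credentials switched), as an added C example that is not part of the thread, the chrootssh patch or OpenSSH. It assumes the "/./" marker in the passwd home field separates the jail root from the home directory inside the jail, as the passwd entry in the thread suggests, and it uses POSIX setgid()/setuid() in place of AIX setpcred(); the function names split_jail_home and jail_then_drop are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: split a passwd home field at the "/./" marker.
 * Returns 1 with root/home filled in, 0 if there is no marker (no jail),
 * -1 if the jail root is empty or a part does not fit in len bytes. */
int split_jail_home(const char *pw_dir, char *root, char *home, size_t len)
{
    const char *mark = strstr(pw_dir, "/./");
    if (mark == NULL)
        return 0;
    size_t rlen = (size_t)(mark - pw_dir);
    if (rlen == 0 || rlen >= len || strlen(mark + 2) >= len)
        return -1;
    memcpy(root, pw_dir, rlen);
    root[rlen] = '\0';
    strcpy(home, mark + 2);        /* keeps the leading '/' */
    return 1;
}

/* Hypothetical helper: enter the jail, then give up root for good.
 * chroot() needs root, so it must come before any UID change.
 * Simplification: supplementary groups are reduced to the primary gid. */
int jail_then_drop(const char *root, uid_t uid, gid_t gid)
{
    if (chroot(root) == -1 || chdir("/") == -1)   /* chdir: cwd must be inside the jail */
        return -1;
    if (setgroups(1, &gid) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return -1;
    if (uid != 0 && setuid(0) != -1) {            /* root must not be recoverable */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    char root[256], home[256];     /* sample entry is the one quoted in the thread */
    int r = split_jail_home("/mnt/sftp/./home/user1/", root, home, sizeof root);
    if (r == 1) printf("jail root: %s, home in jail: %s\n", root, home);
    return r == 1 ? 0 : 1;
}
```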