[Chrootssh-users] chroot on AIX 5.2
Brought to you by:
punkball
Menu
▾
▴
[Chrootssh-users] chroot on AIX 5.2
|
From: <xal...@ya...> - 2004-06-17 08:47:13
|
Hi all. I'm trying to use chroot-ssh on AIX 5.2 ML2. I have compiled and installed it in a test server and that's what I've found: * When I try to ssh with a chrooted user (home=/home/transfer//./) I get disconnected after authenticating. * If I configure root as a chroot user (home=//./) and try ssh, I can login without problems. * When I enable debug for sshd (sshd -ddd) I get the following trace: ------------------------ debug2: read_server_config: filename /usr/local/etc/sshd_config debug1: sshd version OpenSSH_3.8p1 debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #0 type 2 DSA debug3: Not a RSA1 key file /usr/local/etc/ssh_host_dsa_key. debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA Disabling protocol version 1. Could not load host key debug1: Bind to port 22 on 0.0.0.0. Server listening on 0.0.0.0 port 22. debug1: Server will not fork when running in debugging mode. Connection from XXX.XXX.XXX.XXX port 35050 debug1: Client protocol version 2.0; client software version OpenSSH_3.8p1 debug1: match: OpenSSH_3.8p1 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.8p1 debug1: list_hostkey_types: ssh-dss,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rij...@ly...,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rij...@ly...,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hma...@op...,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hma...@op...,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rij...@ly...,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rij...@ly...,aes128-ctr,aes192-ctr,aes256-ctr debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hma...@op...,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hma...@op...,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: none,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug2: dh_gen_key: priv key bits set: 126/256 debug2: bits set: 496/1024 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug2: bits set: 499/1024 debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user transfer service ssh-connection method none debug1: attempt 0 failures 0 debug2: input_userauth_request: setting up authctxt for transfer debug2: input_userauth_request: try method none debug3: AIX/authenticate result 1, msg You entered an invalid login name or password. Failed none for transfer from XXX.XXX.XXX.XXX port 35050 ssh2 debug1: userauth-request for user transfer service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1: test whether pkalg/pkblob are acceptable debug1: temporarily_use_uid: 212/207 (e=0/0) debug1: trying public key file /home/transfer/.//.ssh/authorized_keys2 debug3: secure_filename: checking '/home/transfer/.ssh' debug3: secure_filename: checking '/home/transfer' debug3: secure_filename: terminating check at '/home/transfer' debug1: matching key found: file /home/transfer/.//.ssh/authorized_keys2, line 1 Found matching DSA key: a9:5c:36:9a:8c:84:89:70:f1:a5:ae:35:17:92:e6:66 debug1: restore_uid: 0/0 debug2: userauth_pubkey: authenticated 0 pkalg ssh-dss Postponed publickey for transfer from XXX.XXX.XXX.XXX port 35050 ssh2 debug1: userauth-request for user transfer service ssh-connection method publickey debug1: attempt 2 failures 1 debug2: input_userauth_request: try method publickey debug1: temporarily_use_uid: 212/207 (e=0/0) debug1: trying public key file /home/transfer/.//.ssh/authorized_keys2 debug3: secure_filename: checking '/home/transfer/.ssh' debug3: secure_filename: checking '/home/transfer' debug3: secure_filename: terminating check at '/home/transfer' debug1: matching key found: file /home/transfer/.//.ssh/authorized_keys2, line 1 Found matching DSA key: a9:5c:36:9a:8c:84:89:70:f1:a5:ae:35:17:92:e6:66 debug1: restore_uid: 0/0 debug1: ssh_dss_verify: signature correct debug2: userauth_pubkey: authenticated 1 pkalg ssh-dss Accepted publickey for transfer from XXX.XXX.XXX.XXX port 35050 ssh2 debug1: Entering interactive session for SSH2. debug2: fd 3 setting O_NONBLOCK debug2: fd 7 setting O_NONBLOCK debug1: server_init_dispatch_20 debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 16384 debug1: input_session_request debug1: channel 0: new [server-session] debug1: session_new: init debug1: session_new: session 0 debug1: session_open: channel 0 debug1: session_open: session 0: link with channel 0 debug1: server_input_channel_open: confirm session debug1: server_input_channel_req: channel 0 request pty-req reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req pty-req debug1: Allocating pty. debug1: session_pty_req: session 0 alloc /dev/pts/3 debug3: tty_parse_modes: SSH2 n_bytes 251 debug3: tty_parse_modes: ospeed 9600 debug3: tty_parse_modes: ispeed 9600 debug3: tty_parse_modes: 1 3 debug3: tty_parse_modes: 2 28 debug3: tty_parse_modes: 3 127 debug3: tty_parse_modes: 4 21 debug3: tty_parse_modes: 5 4 debug3: tty_parse_modes: 6 0 debug3: tty_parse_modes: 7 0 debug3: tty_parse_modes: 8 17 debug3: tty_parse_modes: 9 19 debug3: tty_parse_modes: 10 26 debug3: tty_parse_modes: 11 25 debug3: tty_parse_modes: 12 18 debug3: tty_parse_modes: 14 22 debug3: tty_parse_modes: 30 1 debug3: tty_parse_modes: 31 0 debug3: tty_parse_modes: 32 0 debug3: tty_parse_modes: 33 0 debug3: tty_parse_modes: 34 0 debug3: tty_parse_modes: 35 0 debug3: tty_parse_modes: 36 1 debug3: tty_parse_modes: 37 0 debug3: tty_parse_modes: 38 0 debug3: tty_parse_modes: 39 0 debug3: tty_parse_modes: 40 0 debug3: tty_parse_modes: 41 1 debug3: tty_parse_modes: 50 1 debug3: tty_parse_modes: 51 1 debug3: tty_parse_modes: 52 0 debug3: tty_parse_modes: 53 1 debug3: tty_parse_modes: 54 1 debug3: tty_parse_modes: 55 1 debug3: tty_parse_modes: 56 0 debug3: tty_parse_modes: 57 0 debug3: tty_parse_modes: 58 0 debug3: tty_parse_modes: 59 1 debug3: tty_parse_modes: 60 1 debug3: tty_parse_modes: 61 1 debug3: tty_parse_modes: 62 1 debug3: tty_parse_modes: 70 1 debug3: tty_parse_modes: 71 0 debug3: tty_parse_modes: 72 1 debug3: tty_parse_modes: 73 0 debug3: tty_parse_modes: 74 0 debug3: tty_parse_modes: 75 0 debug3: tty_parse_modes: 90 1 debug3: tty_parse_modes: 91 1 debug3: tty_parse_modes: 92 0 debug3: tty_parse_modes: 93 0 debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug2: fd 4 setting TCP_NODELAY debug2: channel 0: rfd 9 isatty debug2: fd 9 setting O_NONBLOCK debug2: fd 8 is O_NONBLOCK setsid: Not owner debug2: channel 0: read<=0 rfd 9 len -1 debug2: channel 0: read failed debug2: channel 0: close_read debug2: channel 0: input open -> drain debug2: channel 0: ibuf empty debug2: channel 0: send eof debug2: channel 0: input drain -> closed debug1: Received SIGCHLD. debug1: session_by_pid: pid 61616 debug1: session_exit_message: session 0 channel 0 pid 61616 debug2: channel 0: request exit-status debug1: session_exit_message: release channel 0 debug2: channel 0: write failed debug2: channel 0: close_write debug2: channel 0: output open -> closed debug1: session_close: session 0 pid 61616 debug1: session_pty_cleanup: session 0 release /dev/pts/3 debug2: channel 0: send close debug3: channel 0: will not send data after close debug2: notify_done: reading debug3: channel 0: will not send data after close debug2: channel 0: rcvd close debug3: channel 0: will not send data after close debug2: channel 0: is dead debug2: channel 0: garbage collecting debug1: channel 0: free: server-session, nchannels 1 debug3: channel 0: status: The following connections are open: #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1) debug3: channel 0: close_fds r -1 w -1 e -1 Connection closed by XXX.XXX.XXX.XXX debug1: do_cleanup Closing connection to XXX.XXX.XXX.XXX ------------------------ And in the client's screen: ------------------------ debug3: Trying to reverse map address XXX.XXX.XXX.XXX. *************************************************************** * * * * * Welcome to AIX Version 5.2! * * * * * * Please see the README file in /usr/lpp/bos for information pertinent to * * this release of the AIX Operating System. * * * * * **************************************************************** Couldn't chroot to user directory /home/transfer debug1: do_cleanup Connection to testhost closed. ------------------------ I see the problem is that in AIX chroot can only be used by processes with root authority, but I have a working version of chroot-ssh in AIX 4.3.3 (which I didn't install), that, of course, doesn't works in AIX 5.2 just copying it. Does anyone have chroot-ssh running in AIX 5.2 ? Could you give me any clue to make it work ? Thanks in advance. --------------------------------- [input] [input] [input] |
