[Chrootssh-users] Problem on Solaris
From: Andrew A. <an...@ta...> - 2005-03-17 14:03:00
Hello!

I have Solaris SunOS 5.8 with OpenSSH-3.9p1. There are no user accounts in /etc/passwd; users that use SSH authenticate against an LDAP server (by means of pam_ldap and nss_ldap). Now I want to put users in a chroot jail. So I installed openssh-3.9p1-chroot, built the chroot as described here - http://chrootssh.sourceforge.net/docs/chrootedsftp.html, and put all necessary libs there (found with ldd). I changed the home of the test user in LDAP to /path/to/chroot/./.

Then I started sshd in debug mode:

> /usr/local/sbin/sshd -de

From another shell I tried to connect as the chrooted user:

--
> sftp de...@we...n
Connecting to webtest.taom.lan...
Password: <user password>
Connection to webtest.taom.lan closed by remote host.
Connection closed
--

In the debug window I see:

--
debug1: sshd version OpenSSH_3.9p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-de'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 11
debug1: sshd version OpenSSH_3.9p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: inetd sockets after dupping: 4, 4
Connection from 192.168.1.36 port 35188
debug1: Client protocol version 2.0; client software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.9p1
debug1: permanently_set_uid: 99/99
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user demo service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "demo"
debug1: PAM: setting PAM_RHOST to "webtest"
debug1: PAM: setting PAM_TTY to "ssh"
Failed none for demo from 192.168.1.36 port 35188 ssh2
Failed none for demo from 192.168.1.36 port 35188 ssh2
debug1: userauth-request for user demo service ssh-connection method keyboard-interactive
debug1: attempt 1 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=demo devs=
debug1: kbdint_alloc: devices 'pam'
debug1: auth2_challenge_start: trying authentication method 'pam'
Postponed keyboard-interactive for demo from 192.168.1.36 port 35188 ssh2
debug1: PAM: num PAM env strings 0
Postponed keyboard-interactive/pam for demo from 192.168.1.36 port 35188 ssh2
Accepted keyboard-interactive/pam for demo from 192.168.1.36 port 35188 ssh2
Accepted keyboard-interactive/pam for demo from 192.168.1.36 port 35188 ssh2
debug1: monitor_child_preauth: demo has been authenticated by privileged process
PAM: pam_open_session(): Dlopen failure
debug1: do_cleanup
debug1: PAM: cleanup
debug1: do_cleanup
debug1: PAM: cleanup
--

Here I must say that on a Linux machine SSH with chrooted pam_ldap users works fine, and on this Solaris machine SSH with NON-chrooted pam_ldap users works fine. The problem seems to be in the magic sequence '/./'.

Any suggestions?

--
Andrew.