rssh-discuss Mailing List for rssh (Page 8)
Brought to you by:
xystrus
From: Aurelin <au...@au...> - 2011-04-13 11:54:04
Which distro and version do you use?
I tried to reconstruct your problem, but for me it works.
Could you print out the logfile + the verbose output of scp?

Have you made some per user settings? These would look like

user=user:022:00011 #Allow scp and sftp to user (umask 022)

Quoting Lutfi <lu...@me...>:

> Hi,
>
> I tried
>
> # set the log facility. "LOG_USER" and "user" are equivalent.
> logfacility = LOG_USER
>
> # Leave these all commented out to make the default action for rssh to lock
> # users out completely...
>
> allowscp
> #allowsftp
> #allowcvs
> #allowrdist
> #allowrsync
> #allowsvnserve
>
> # set the default umask
> umask = 022
>
> this configuration options but still scp gives the same error and I can
> connect through sftp with the user I created.
>
> On 04/13/2011 01:41 PM, Lutfi wrote:
>> Hi,
>>
>> When I try scp, from my desktop to server it gives the error, that only
>> sftp is allowed.
>>
>> Regards,
>>
>> Lutfi
>>
>> On 04/13/2011 12:24 PM, Aurelin wrote:
>>> Hi Lutfi
>>>
>>> What does it mean, you cannot copy? Do you get an error?
>>>
>>> To your second question:
>>> You can use private/public key authentication to log in without password
>>> (since rssh is a shell which you can connect to via ssh, you can also
>>> use the ssh authentications such as Private/Public key, Password, PAM...
>>> Maybe a smartcard would also work :))
>>>
>>> Greetings
>>>
>>> Quoting Lutfi <lu...@me...>:
>>>
>>> Hello,
>>>
>>> I am newbie on rssh and I want to send some files to my back server by
>>> using rssh. I created a user by using
>>> "rss...@li..." command and I uncommented the lines
>>> for sftp and scp in /etc/rssh.conf. But I cannot scp a file to my server
>>> sftp works. What may be the problem.
>>>
>>> My second question, can I make password-less connection by using rssh.
>>>
>>> Regards,
>>>
>>> Lutfi
From: Lutfi <lu...@me...> - 2011-04-13 10:58:19
Hi,

I tried

# set the log facility. "LOG_USER" and "user" are equivalent.
logfacility = LOG_USER

# Leave these all commented out to make the default action for rssh to lock
# users out completely...

allowscp
#allowsftp
#allowcvs
#allowrdist
#allowrsync
#allowsvnserve

# set the default umask
umask = 022

this configuration options but still scp gives the same error and I can
connect through sftp with the user I created.

On 04/13/2011 01:41 PM, Lutfi wrote:
> Hi,
>
> When I try scp, from my desktop to server it gives the error, that only
> sftp is allowed.
>
> Regards,
>
> Lutfi
>
> On 04/13/2011 12:24 PM, Aurelin wrote:
>> Hi Lutfi
>>
>> What does it mean, you cannot copy? Do you get an error?
>>
>> To your second question:
>> You can use private/public key authentication to log in without password
>> (since rssh is a shell which you can connect to via ssh, you can also
>> use the ssh authentications such as Private/Public key, Password, PAM...
>> Maybe a smartcard would also work :))
>>
>> Greetings
>>
>> Quoting Lutfi <lu...@me...>:
>>
>> Hello,
>>
>> I am newbie on rssh and I want to send some files to my back server by
>> using rssh. I created a user by using
>> "rss...@li..." command and I uncommented the lines
>> for sftp and scp in /etc/rssh.conf. But I cannot scp a file to my server
>> sftp works. What may be the problem.
>>
>> My second question, can I make password-less connection by using rssh.
>>
>> Regards,
>>
>> Lutfi
From: Lutfi <lu...@me...> - 2011-04-13 10:41:29
Hi,

When I try scp, from my desktop to server it gives the error, that only
sftp is allowed.

Regards,

Lutfi

On 04/13/2011 12:24 PM, Aurelin wrote:
> Hi Lutfi
>
> What does it mean, you cannot copy? Do you get an error?
>
> To your second question:
> You can use private/public key authentication to log in without password
> (since rssh is a shell which you can connect to via ssh, you can also
> use the ssh authentications such as Private/Public key, Password, PAM...
> Maybe a smartcard would also work :))
>
> Greetings
>
> Quoting Lutfi <lu...@me...>:
>
> Hello,
>
> I am newbie on rssh and I want to send some files to my back server by
> using rssh. I created a user by using
> "rss...@li..." command and I uncommented the lines
> for sftp and scp in /etc/rssh.conf. But I cannot scp a file to my server
> sftp works. What may be the problem.
>
> My second question, can I make password-less connection by using rssh.
>
> Regards,
>
> Lutfi
From: Aurelin <au...@au...> - 2011-04-13 09:24:27
Hi Lutfi

What does it mean, you cannot copy? Do you get an error?

To your second question:
You can use private/public key authentication to log in without password
(since rssh is a shell which you can connect to via ssh, you can also
use the ssh authentications such as Private/Public key, Password, PAM...
Maybe a smartcard would also work :))

Greetings

Quoting Lutfi <lu...@me...>:

> Hello,
>
> I am newbie on rssh and I want to send some files to my back server by
> using rssh. I created a user by using
> "rss...@li..." command and I uncommented the lines
> for sftp and scp in /etc/rssh.conf. But I cannot scp a file to my server
> sftp works. What may be the problem.
>
> My second question, can I make password-less connection by using rssh.
>
> Regards,
>
> Lutfi
From: Lutfi <lu...@me...> - 2011-04-13 09:08:43
Hello,

I am newbie on rssh and I want to send some files to my back server by
using rssh. I created a user by using
"rss...@li..." command and I uncommented the lines
for sftp and scp in /etc/rssh.conf. But I cannot scp a file to my server
sftp works. What may be the problem.

My second question, can I make password-less connection by using rssh.

Regards,

Lutfi
From: Evan P. <ev...@pi...> - 2011-04-11 13:10:22
I have two users: filetransfer and filetransfer2

both have chroot folders setup under their home directories.

in rssh.conf I have the following 2 lines configured:

user="filetransfer2:022:00011:/home/filetransfer2"
user="filetransfer:022:00011:/home/filetransfer"

When I log on as filetransfer2 I see:

Apr 11 13:31:55 linuxserver rssh[1317]: line 25: configuring user filetransfer2
Apr 11 13:31:55 linuxserver rssh[1317]: setting filetransfer2's umask to 022
Apr 11 13:31:55 linuxserver rssh[1317]: allowing scp to user filetransfer2
Apr 11 13:31:55 linuxserver rssh[1317]: allowing sftp to user filetransfer2
Apr 11 13:31:55 linuxserver rssh[1317]: chrooting filetransfer2 to /home/filetransfer2
Apr 11 13:31:55 linuxserver rssh[1317]: chroot cmd line: /usr/libexec/rssh_chroot_helper 2 "/usr/libexec/openssh/sftp-server"

and the user works fine

When I log in to filetransfer I see:

Apr 11 13:26:35 linuxserver rssh[1127]: setting log facility to LOG_USER
Apr 11 13:26:35 linuxserver rssh[1127]: allowing scp to all users
Apr 11 13:26:35 linuxserver rssh[1127]: allowing sftp to all users
Apr 11 13:26:35 linuxserver rssh[1127]: setting umask to 022

so chrooting config doesn't work right but it detected that the user logged in.

if I add the line:

chrootpath = /home/filetransfer

then I see this in the log file

Apr 11 13:28:37 linuxserver rssh[1187]: setting log facility to LOG_USER
Apr 11 13:28:37 linuxserver rssh[1187]: allowing scp to all users
Apr 11 13:28:37 linuxserver rssh[1187]: allowing sftp to all users
Apr 11 13:28:37 linuxserver rssh[1187]: setting umask to 022
Apr 11 13:28:37 linuxserver rssh[1187]: chrooting all users to /home/filetransfer
Apr 11 13:28:37 linuxserver rssh[1187]: chroot cmd line: /usr/libexec/rssh_chroot_helper 2 "/usr/libexec/openssh/sftp-server"

and user filetransfer logs in perfectly and works - so why would rssh not detect the correct username when it is configured in a user by user basis?

thanks

Evan
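Added example, not part of Evan's post and not rssh's own code: a Python check that decodes the `user=` entries and compares them with what rssh logged for each session, so a login that silently fell back to the global settings (and so ran without its per-user chroot) is flagged. The function names and the PID-to-account mapping are assumptions made for this illustration; the config and log lines are excerpted from the post.

```python
import re

# Assumption: the access field is five binary digits in the order rsync, rdist,
# cvs, sftp, scp, which agrees with the thread's 00011 (sftp + scp) and
# 00010 (sftp only). Builds that add protocols may use a longer field.
ACCESS_ORDER = ("rsync", "rdist", "cvs", "sftp", "scp")
LOG_RE = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+rssh\[(\d+)\]:\s+(.*)$")

# Excerpted from the post above: the two user lines and two syslog excerpts.
SAMPLE_CONF = '''\
user="filetransfer2:022:00011:/home/filetransfer2"
user="filetransfer:022:00011:/home/filetransfer"
'''
SAMPLE_LOG = """\
Apr 11 13:31:55 linuxserver rssh[1317]: line 25: configuring user filetransfer2
Apr 11 13:31:55 linuxserver rssh[1317]: setting filetransfer2's umask to 022
Apr 11 13:31:55 linuxserver rssh[1317]: allowing scp to user filetransfer2
Apr 11 13:31:55 linuxserver rssh[1317]: allowing sftp to user filetransfer2
Apr 11 13:31:55 linuxserver rssh[1317]: chrooting filetransfer2 to /home/filetransfer2
Apr 11 13:26:35 linuxserver rssh[1127]: setting log facility to LOG_USER
Apr 11 13:26:35 linuxserver rssh[1127]: allowing scp to all users
Apr 11 13:26:35 linuxserver rssh[1127]: allowing sftp to all users
Apr 11 13:26:35 linuxserver rssh[1127]: setting umask to 022
"""
# Which account produced which rssh PID, as stated in the post.
SAMPLE_LOGINS = {"1317": "filetransfer2", "1127": "filetransfer"}


def parse_user_lines(conf_text):
    """Decode rssh.conf `user = name:umask:access[:chroot]` entries, keyed by name."""
    users = {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*user\s*=\s*(.*)$", raw)
        if not m:
            continue  # other keywords and commented-out lines
        value = m.group(1).strip()
        if value[:1] in ("'", '"'):  # quoted value: take what is inside the quotes
            value = value[1:].split(value[0], 1)[0]
        else:  # unquoted value: drop a trailing comment
            value = value.split("#", 1)[0].strip()
        fields = value.split(":", 3)
        if len(fields) < 3 or not re.fullmatch(r"[01]{5}", fields[2]):
            raise ValueError(f"line {lineno}: malformed user entry: {raw.strip()}")
        users[fields[0]] = {
            "umask": fields[1],
            "allowed": sorted(p for p, bit in zip(ACCESS_ORDER, fields[2]) if bit == "1"),
            "chroot": fields[3] if len(fields) == 4 else None,
        }
    return users


def summarize_sessions(log_text):
    """Group rssh syslog lines by PID and record which policy each session got."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LOG_RE.match(raw.strip())
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions.setdefault(
            pid, {"scope": "unknown", "user": None, "allowed": [], "chroot": None})
        if hit := re.match(r"line \d+: configuring user (\S+)", msg):
            s["scope"], s["user"] = "per-user", hit.group(1)
        elif hit := re.match(r"allowing (\w+) to (all users|user \S+)", msg):
            s["allowed"] = sorted(s["allowed"] + [hit.group(1)])
            if hit.group(2) == "all users" and s["scope"] == "unknown":
                s["scope"] = "global"
        elif hit := re.match(r"chrooting (?:all users|\S+) to (\S+)", msg):
            s["chroot"] = hit.group(1)
    return sessions


def find_unapplied(conf_text, log_text, logins):
    """Report sessions whose applied policy differs from the account's user entry.

    `logins` maps an rssh PID to the account that logged in. The caller supplies
    it, because a session that fell back to the global settings never names the
    account in rssh's own log lines.
    """
    users, sessions = parse_user_lines(conf_text), summarize_sessions(log_text)
    findings = []
    for pid, account in logins.items():
        want, got = users.get(account), sessions.get(pid)
        if want is None or got is None:
            continue
        if got["scope"] != "per-user" or got["user"] != account:
            findings.append((pid, account, "user entry not applied, global settings in effect"))
        if got["chroot"] != want["chroot"]:
            findings.append((pid, account, f"chroot is {got['chroot']}, expected {want['chroot']}"))
        if got["allowed"] != want["allowed"]:
            findings.append((pid, account, f"allowed {got['allowed']}, expected {want['allowed']}"))
    return findings


if __name__ == "__main__":
    for finding in find_unapplied(SAMPLE_CONF, SAMPLE_LOG, SAMPLE_LOGINS):
        print(finding)
```

The check reports the symptom only; it does not say why rssh skipped the second `user=` line.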
From: lrirwin <lr...@al...> - 2011-04-08 15:07:17
Based on the SYSLOGD_OPTIONS below, the "jail" would have to be "/".
It needs the full pathname, since the syslog daemon runs independently of the jail.
(and don't forget to restart the syslog daemon after the path is changed)
Once you restart it, you can verify it has completed by seeing the socket created in the folder.

On 4/7/2011 6:28 PM, Johnathan Phan wrote:
> I have just setup rssh and I believe the Jail was setup incorrectly. I
> am trying to correct this, however no real log information is being
> output to the /var/log/messages log.
>
> I have followed these instructions to the letter on my test environment.
>
> which hypothetically means that this.
>
> SYSLOGD_OPTIONS="-m 0 -a /users/dev/log"
>
> should be working.
>
> Any ideas on how to get logging working? then maybe I can fix my
> borked Jail.
From: paul c. <pdc...@bl...> - 2011-04-08 14:31:21
thanks

On 08/04/11 14:54, Grassinger, Marcus wrote:
> Hi, I had the same issue. It's not /bin/rssh but /usr/bin/rssh or something.
>
> "which rssh" will tell you. Quite simple to fix :-)
>
> Greetz
> Marcus
>
> Marcus Grassinger
> IT-Manager
> Sommer GmbH
>
> -----Original Message-----
> From: p cooper [mailto:pdc...@bl...]
> Sent: Friday, 8 April 2011 14:07
> To: rss...@li...
> Subject: [Spam Fuzzy] cant scp with /bin/rssh shell, can with /bin/sh
>
> says it all really. Server = ubuntu server. I'm testing it from my LAN.
>
> I've added a user, and given them a home directory
> I've installed rssh
> I've setup public/private key authentication
>
> when the server shell is /bin/sh, passwordless scp file transfer works,
> but when the shell is /bin/rssh, it asks me for a password
>
> $ cat /etc/rssh.conf | grep -v '#'
> logfacility = LOG_USER
> allowscp
> allowrsync
> umask = 022
>
> if the server config is this
>
> $ cat /etc/passwd | grep remot
> remoteBackup:1004:1003::/home/remoteBackup:/bin/sh
> server2@server2:~$
>
> I can
> nine@nine:~$ scp -P22 -i /tmp/rem_b_id_rsa /tmp/file remoteBackup@server:/home/remoteBackup
> file 100% 7 0.0KB/s 00:00
> nine@nine:~$
>
> if I change it to
> Quote:
> $ cat /etc/passwd | grep remot
> remoteBackup:1004:1003::/home/remoteBackup:/bin/rssh
> server2@server2:~$
>
> I get
> nine@nine:~$ scp -P22 -v -i /tmp/rem_b_id_rsa /tmp/file remoteBackup@server2:/home/remoteBackup
> Executing: program /usr/bin/ssh host server2, user remoteBackup, command scp -v -t /home/remoteBackup
> OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Applying options for server2
> debug1: Connecting to server2 [192.168.2.20] port 22.
> debug1: Connection established.
> debug1: identity file /tmp/rem_b_id_rsa type -1
> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu5
> debug1: match: OpenSSH_5.5p1 Debian-4ubuntu5 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-ctr hmac-md5 none
> debug1: kex: client->server aes128-ctr hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'server2' is known and matches the RSA host key.
> debug1: Found key in /home/nine/.ssh/known_hosts:9
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering public key: nine@nine.home.nw
> debug1: Authentications that can continue: publickey,password
> debug1: Trying private key: /tmp/rem_b_id_rsa
> debug1: read PEM private key done: type RSA
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: password
> remoteBackup@server2's password:
>
> where is the problem ?
From: Grassinger, M. <M.G...@so...> - 2011-04-08 14:10:08
Hi, I had the same issue. It's not /bin/rssh but /usr/bin/rssh or something.

"which rssh" will tell you. Quite simple to fix :-)

Greetz
Marcus

Marcus Grassinger
IT-Manager
Sommer GmbH

-----Original Message-----
From: p cooper [mailto:pdc...@bl...]
Sent: Friday, 8 April 2011 14:07
To: rss...@li...
Subject: [Spam Fuzzy] cant scp with /bin/rssh shell, can with /bin/sh

says it all really. Server = ubuntu server. I'm testing it from my LAN.

I've added a user, and given them a home directory
I've installed rssh
I've setup public/private key authentication

when the server shell is /bin/sh, passwordless scp file transfer works,
but when the shell is /bin/rssh, it asks me for a password

$ cat /etc/rssh.conf | grep -v '#'
logfacility = LOG_USER
allowscp
allowrsync
umask = 022

if the server config is this

$ cat /etc/passwd | grep remot
remoteBackup:1004:1003::/home/remoteBackup:/bin/sh
server2@server2:~$

I can
nine@nine:~$ scp -P22 -i /tmp/rem_b_id_rsa /tmp/file remoteBackup@server:/home/remoteBackup
file 100% 7 0.0KB/s 00:00
nine@nine:~$

if I change it to
Quote:
$ cat /etc/passwd | grep remot
remoteBackup:1004:1003::/home/remoteBackup:/bin/rssh
server2@server2:~$

I get
nine@nine:~$ scp -P22 -v -i /tmp/rem_b_id_rsa /tmp/file remoteBackup@server2:/home/remoteBackup
Executing: program /usr/bin/ssh host server2, user remoteBackup, command scp -v -t /home/remoteBackup
OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for server2
debug1: Connecting to server2 [192.168.2.20] port 22.
debug1: Connection established.
debug1: identity file /tmp/rem_b_id_rsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu5
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server2' is known and matches the RSA host key.
debug1: Found key in /home/nine/.ssh/known_hosts:9
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: nine@nine.home.nw
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /tmp/rem_b_id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
remoteBackup@server2's password:

where is the problem ?
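Added example, not part of Marcus's reply: a Python audit for the mismatch he describes, where the login shell recorded in passwd points at a path that is not there. It applies the test that OpenSSH's sshd applies before letting an account log in (the shell must exist and be an executable regular file) and, like "which rssh", reports where a binary of the same name actually lives. The function names, the search directory list and the demo tree are assumptions made for this illustration.

```python
import os
import stat
import tempfile

# Directories searched for a same-named binary when the configured path is bad.
SEARCH_DIRS = ("/bin", "/usr/bin", "/usr/local/bin", "/sbin", "/usr/sbin")

# First line copied from the post quoted above; the second is constructed.
SAMPLE_PASSWD = """\
remoteBackup:1004:1003::/home/remoteBackup:/bin/rssh
operator:x:1000:1000::/home/operator:/bin/sh
"""


def shell_problem(path):
    """Return why `path` is unusable as a login shell, or None if it is fine."""
    try:
        st = os.stat(path)
    except OSError:
        return "does not exist"
    if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
        return "is not executable"
    return None


def audit_login_shells(passwd_text, root="/"):
    """List accounts whose login shell is missing or not executable under `root`.

    `root` lets the same check run against a mounted image or a chroot jail.
    """
    findings = []
    for raw in passwd_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        user, shell = fields[0], fields[-1] or "/bin/sh"  # empty field means /bin/sh
        problem = shell_problem(os.path.join(root, shell.lstrip("/")))
        if problem is None:
            continue
        name = os.path.basename(shell)
        found_at = [f"{d}/{name}" for d in SEARCH_DIRS
                    if shell_problem(os.path.join(root, d.lstrip("/"), name)) is None]
        findings.append({"user": user, "shell": shell,
                         "problem": problem, "found_at": found_at})
    return findings


def make_demo_root():
    """Build a throwaway tree shaped like the server in the thread: rssh only in /usr/bin."""
    root = tempfile.mkdtemp(prefix="shellaudit-")
    for rel in ("bin/sh", "usr/bin/rssh"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, 0o755)
    return root


if __name__ == "__main__":
    for finding in audit_login_shells(SAMPLE_PASSWD, make_demo_root()):
        print(finding)
```

On a live host, pass the contents of /etc/passwd and leave `root` at its default.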
From: p c. <pdc...@bl...> - 2011-04-08 13:03:01
says it all really. Server = ubuntu server. I'm testing it from my LAN.

I've added a user, and given them a home directory
I've installed rssh
I've setup public/private key authentication

when the server shell is /bin/sh, passwordless scp file transfer works,
but when the shell is /bin/rssh, it asks me for a password

$ cat /etc/rssh.conf | grep -v '#'
logfacility = LOG_USER
allowscp
allowrsync
umask = 022

if the server config is this

$ cat /etc/passwd | grep remot
remoteBackup:1004:1003::/home/remoteBackup:/bin/sh
server2@server2:~$

I can
nine@nine:~$ scp -P22 -i /tmp/rem_b_id_rsa /tmp/file remoteBackup@server:/home/remoteBackup
file 100% 7 0.0KB/s 00:00
nine@nine:~$

if I change it to
Quote:
$ cat /etc/passwd | grep remot
remoteBackup:1004:1003::/home/remoteBackup:/bin/rssh
server2@server2:~$

I get
nine@nine:~$ scp -P22 -v -i /tmp/rem_b_id_rsa /tmp/file remoteBackup@server2:/home/remoteBackup
Executing: program /usr/bin/ssh host server2, user remoteBackup, command scp -v -t /home/remoteBackup
OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for server2
debug1: Connecting to server2 [192.168.2.20] port 22.
debug1: Connection established.
debug1: identity file /tmp/rem_b_id_rsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-4ubuntu5
debug1: match: OpenSSH_5.5p1 Debian-4ubuntu5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'server2' is known and matches the RSA host key.
debug1: Found key in /home/nine/.ssh/known_hosts:9
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: nine@nine.home.nw
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /tmp/rem_b_id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
remoteBackup@server2's password:

where is the problem ?
From: Johnathan P. <jo...@ox...> - 2011-04-07 22:56:46
I have just setup rssh and I believe the Jail was setup incorrectly. I
am trying to correct this, however no real log information is being
output to the /var/log/messages log.

I have followed these instructions to the letter on my test environment.

which hypothetically means that this.

SYSLOGD_OPTIONS="-m 0 -a /users/dev/log"

should be working.

Any ideas on how to get logging working? then maybe I can fix my
borked Jail.
From: lrirwin <lr...@al...> - 2011-04-07 22:25:07
|
dev/null yes... dev/zero -- no I did not have that one...
So now I have:
srw-rw-rw- 1 root root 0 Apr 7 13:27 log
crw-r--r-- 1 root root 1, 3 Apr 7 13:57 null
crw-r--r-- 1 root root 1, 5 Apr 7 17:12 zero
I tried shortening the path in the jail copy of passwd to have the home dir set to /ahosp...
But, still same results - same output in messages log and same Connection closed.

On 4/7/2011 6:09 PM, Eric Gottesman wrote:
> Did you remember to create /dev/null and /dev/zero?
>
> Also, make sure you change the user's home directory in /etc/passwd to the appropriate in-jail path.
|
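Added example, not part of the original thread and not rssh project code: a jail audit that runs the checks raised in the replies above (device nodes, the syslog socket, the in-jail passwd entry and home path, the server binary and its libraries). The function names are hypothetical, the default server path is the one quoted in the thread, and the libnss_files check is an assumption about glibc systems such as the RHEL5 host described.

```shell
#!/bin/sh
# Added example: audit an rssh chroot jail for the items raised in this thread.
# Example call (paths as quoted in the thread):
#   audit_jail /u/www/pe5/clients/prexhop/hl7/rawimport hopftp

# Print the home directory recorded for USER in JAIL/etc/passwd (status 1 if absent).
jail_home() {
    awk -F: -v u="$2" '$1 == u { print $6; found = 1 } END { exit !found }' \
        "$1/etc/passwd" 2>/dev/null
}

# audit_jail JAIL USER [SERVER]
# Prints one "FAIL:" line per finding; return status is the number of findings.
audit_jail() {
    jail=${1%/}
    user=$2
    server=${3:-/usr/libexec/openssh/sftp-server}
    findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    # Device nodes asked about in the thread, plus the syslog socket that lets
    # a jailed process log at all.
    for dev in null zero; do
        [ -c "$jail/dev/$dev" ] || fail "dev/$dev is not a character device"
    done
    [ -S "$jail/dev/log" ] || fail "dev/log is not a socket"

    # The jail's passwd must list the user, and its home field is resolved
    # after chroot(), so it has to be an in-jail path such as /ahosp.
    if home=$(jail_home "$jail" "$user"); then
        case $home in
            "$jail" | "$jail"/*) fail "home $home still carries the host-side jail prefix" ;;
            /*) [ -d "$jail$home" ] || fail "home $home does not exist inside the jail" ;;
            *)  fail "home '$home' is not an absolute path" ;;
        esac
    else
        fail "no entry for $user in $jail/etc/passwd"
    fi

    # The server binary and each shared object ldd resolves for it.
    if [ -x "$jail$server" ]; then
        for lib in $(ldd "$jail$server" 2>/dev/null |
                     awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'); do
            [ -e "$jail$lib" ] || fail "missing library $lib"
        done
    else
        fail "$server is missing or not executable inside the jail"
    fi

    # Assumption (glibc): UID-to-name lookups load libnss_files at run time,
    # so ldd never lists it and it has to be checked separately.
    if ! find "$jail" -name 'libnss_files*' 2>/dev/null | grep -q .; then
        fail "no libnss_files* found; UID lookups inside the jail will fail"
    fi
    return "$findings"
}
```

A clean run prints nothing and returns 0; it only confirms the listed prerequisites and does not explain a session that still closes once they are all present.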
From: lrirwin <lr...@al...> - 2011-04-07 22:09:43
|
/etc/passwd in the jail is a copy of /etc/passwd - for now...
I was going to remove everything but root and the user after I got it working...
Like you do for some versions of jails for ftp servers.
The thing that is troubling me is that I can chroot from the command prompt and run "ls" and "sftp-server" without issue.
(I set up ls as well so I could browse around after chroot'ing)
And I've successfully set up dev/log, but there aren't any errors being generated.
If I had a clue how to debug rssh_chroot_helper, I'd be able to dig a bit further...
It looks like it runs like this:
/usr/local/libexec/rssh_chroot_helper 2 "/usr/libexec/openssh/sftp-server"
I just don't have any output - like the exit status - at all... So it looks like it thinks it exited with a 0.

On 4/7/2011 5:13 PM, Eric Gottesman wrote:
> You're almost certainly missing a file somewhere in your chroot jail, but also, do you have the user set up correctly in the jail's /etc/passwd and whatnot?
|
From: lrirwin <lr...@al...> - 2011-04-07 20:36:21
|
Hi,

The server I am trying to get this working on is RHEL5
2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:39 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
OpenSSH Version is: OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
ssh and sftp work fine for admin uses, but I need to set up an sftp folder for a third party drop-off for importing data.
I compiled and installed from "rssh-2.3.3.tar.gz" using simply ./configure and make install signed in as root.
I added a user and built a chroot jail with a home folder for that user below the jail.
The jail is: /u/www/pe5/clients/prexhop/hl7/rawimport
The user's passwd entry is:
hopftp:x:1901:50::/u/www/pe5/clients/prexhop/hl7/rawimport/ahosp:/usr/local/bin/rssh
The rssh.conf file has a single line in it:
user = hopftp:000:00010:/u/www/pe5/clients/prexhop/hl7/rawimport
I set up dev/log and bin/ls additionally so I could catch messages after chroot'ing and got through all the obvious trip-ups...
(like: "rssh_chroot_helper[8018]: execv() failed, /usr/libexec/openssh/sftp-server: No such file or directory", which was actually sftp-server needing the libs for determining the UID in the jail...)
Then I was able to, from the command prompt, signed on as root:
---
# cd /u/www/pe5/clients/prexhop/hl7/rawimport
# chroot .
# cd /ahosp
# /usr/libexec/openssh/sftp-server
---
Which executes sftp-server without error at this point, but of course since I can't interact with sftp-server via the keyboard properly, it drops out after I hit enter.

Then, from a remote site, I try to use the account for sftp and the session looks like this (not the real IP, just an example):

# sftp hopftp@2.2.2.2
Connecting to 2.2.2.2...
hopftp@2.2.2.2's password:
Connection closed

(the password is not the issue, if I change the user's shell to bash, I can login from a remote site using ssh without any problems)
The resulting entries in /var/log/messages are (again the IP isn't real):
Apr 7 14:43:05 pe sshd[1076]: Accepted password for hopftp from 28.28.28.28 port 49933 ssh2
Apr 7 14:43:05 pe sshd[1076]: subsystem request for sftp
Apr 7 14:43:05 pe rssh[1389]: line 1: configuring user hopftp
Apr 7 14:43:05 pe rssh[1389]: setting hopftp's umask to 0
Apr 7 19:43:05 pe rssh_chroot_helper[1389]: new session for hopftp, UID=1901
Apr 7 14:43:05 pe rssh[1389]: allowing sftp to user hopftp
Apr 7 19:43:05 pe rssh_chroot_helper[1389]: user's home dir is /u/www/pe5/clients/prexhop/hl7/rawimport/ahosp
Apr 7 14:43:05 pe rssh[1389]: chrooting hopftp to /u/www/pe5/clients/prexhop/hl7/rawimport
Apr 7 19:43:05 pe rssh_chroot_helper[1389]: chrooted to /u/www/pe5/clients/prexhop/hl7/rawimport
Apr 7 14:43:05 pe rssh[1389]: chroot cmd line: /usr/local/libexec/rssh_chroot_helper 2 "/usr/libexec/openssh/sftp-server"
Apr 7 19:43:05 pe rssh_chroot_helper[1389]: changing working directory to /ahosp (inside jail)

Based on a few items I saw about other UID issues that might be causing trouble, I tried:
cd /lib; find . -print | cpio -pmud /u/www/pe5/clients/prexhop/hl7/rawimport/lib
cd /lib64; find . -print | cpio -pmud /u/www/pe5/clients/prexhop/hl7/rawimport/lib64
But that did not make any difference.

It looks like everything should be working - no errors anywhere... but it drops to "Connection closed"...
Any help would be greatly appreciated,
Larry Irwin
CCA Medical
|
From: Ian Q. <rss...@gm...> - 2011-03-31 23:23:09
|
So after some more investigation, it looks like the previously installed rssh was from RPM Forge package rssh-2.3.2-1.2.el5.rf.i386. Updating from the EPEL package likely caused the issue...

Thanks,
Ian
|
From: Ian Q. <rss...@gm...> - 2011-03-31 22:27:12
|
[root@testbox ~]# rpm -qpi /tmp/yum/rssh-2.3.2-7.el5.i386.rpm
Name        : rssh                         Relocations: (not relocatable)
Version     : 2.3.2                             Vendor: Fedora Project
Release     : 7.el5                         Build Date: Thu 04 Nov 2010 01:27:16 PM MST
Install Date: (not installed)               Build Host: x86-02.phx2.fedoraproject.org
Group       : Applications/Internet         Source RPM: rssh-2.3.2-7.el5.src.rpm
Size        : 86538                            License: BSD
Signature   : DSA/SHA1, Fri 05 Nov 2010 08:24:31 AM MST, Key ID 119cc036217521f6
Packager    : Fedora Project
URL         : http://www.pizzashack.org/rssh/
Summary     : Restricted shell for use with OpenSSH, allowing only scp and/or sftp
Description :
rssh is a restricted shell for use with OpenSSH, allowing only scp
and/or sftp. For example, if you have a server which you only want
to allow users to copy files off of via scp, without providing shell
access, you can use rssh to do that. It is a alternative to scponly.

[root@testbox ~]# rpm -qp --scripts /tmp/yum/rssh-2.3.2-7.el5.i386.rpm
preinstall scriptlet (using /bin/sh):
getent group rsshusers >/dev/null || groupadd -r rsshusers
exit 0
|
From: Ian Q. <rss...@gm...> - 2011-03-31 22:25:01
|
Yes, from the epel repo.

979b24c706c3d121abe95e0c630bc3ef rssh-2.3.2-7.el5.i386.rpm

Installed Packages
Name       : rssh
Arch       : i386
Version    : 2.3.2
Release    : 7.el5
Size       : 85 k
Repo       : installed
Summary    : Restricted shell for use with OpenSSH, allowing only scp and/or sftp
URL        : http://www.pizzashack.org/rssh/
License    : BSD
Description:
           : rssh is a restricted shell for use with OpenSSH, allowing only scp
           : and/or sftp. For example, if you have a server which you only want
           : to allow users to copy files off of via scp, without providing shell
           : access, you can use rssh to do that. It is a alternative to scponly.
|
From: Russ A. <rr...@st...> - 2011-03-31 22:18:18
|
Ian Quinn <rss...@gm...> writes:

> I ran into an issue when upgrading from 2.3.2-1 to 2.3.2-7. It caused
> some issues for my users, and wanted to find out if this was intended or
> not.

I assume this is with Red Hat packages? I wanted to double-check, though, since the version numbers you cite could have possibly been Debian packages. But I don't think the Debian packages have ever automatically created groups.

--
Russ Allbery (rr...@st...) <http://www.eyrie.org/~eagle/>
|
From: Ian Q. <rss...@gm...> - 2011-03-31 22:12:40
|
Hi All,

I ran into an issue when upgrading from 2.3.2-1 to 2.3.2-7. It caused some issues for my users, and wanted to find out if this was intended or not.

Basically I had the group 'rsshuser' per the man page that contained all my rssh users. During the upgrade, the group 'rsshusers' was created, and permissions were changed on /usr/bin/rssh and /usr/libexec/rssh_chroot_helper to only allow the newly created rsshusers group to execute. Since this group was new, none of the users in 'rsshuser' were in 'rsshusers'.

Assuming I had a proper configuration prior to the upgrade, I would imagine that upgrade should have created 'rsshuser' group if it did not exist and update permissions on files appropriately. I cannot find any references in the updated man page about 'rsshusers' either, it still says to create and use 'rsshuser'.

Here is my before and after from a test box.

[root@testbox ~]# ls -l /usr/bin/rssh
-rwxr-xr-x 1 root root 26479 Mar 8 2007 /usr/bin/rssh
[root@testbox ~]# ls -l /usr/libexec/rssh_chroot_helper
-rwsr-xr-x 1 root root 54204 Mar 8 2007 /usr/libexec/rssh_chroot_helper
[root@testbox ~]# grep rsshuser /etc/group
rsshuser:x:5023:testrssh
[root@testbox ~]# rpm -U /tmp/yum/rssh-2.3.2-7.el5.i386.rpm
[root@testbox ~]# ls -l /usr/bin/rssh
-rwxr-x--- 1 root rsshusers 22276 Nov 4 13:27 /usr/bin/rssh
[root@testbox ~]# ls -l /usr/libexec/rssh_chroot_helper
-rwsr-x--- 1 root rsshusers 21060 Nov 4 13:27 /usr/libexec/rssh_chroot_helper
[root@testbox ~]# grep rsshuser /etc/group
rsshuser:x:5023:testrssh
rsshusers:x:491:
[root@testbox ~]#

Thanks in advance for any info that may shed some light on this issue.

-Ian
|
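Added example, not part of the original post and not code from rssh or the EPEL package: a post-upgrade check that lists accounts whose login shell is rssh but which are not in the group now allowed to execute it, the situation shown in the before/after listing above. Function names are hypothetical; it reads the standard passwd and group file formats.

```shell
#!/bin/sh
# Added example: find rssh accounts that lose access when a package upgrade
# changes the group allowed to execute the rssh binaries.

# Group that owns PATH, read from `ls -ld` so no GNU-only stat flags are needed.
owning_group() {
    ls -ld "$1" | awk '{ print $4 }'
}

# True when "other" has execute permission on PATH (mode string column 10).
world_executable() {
    case $(ls -ld "$1" | cut -c10) in
        x | t) return 0 ;;
        *) return 1 ;;
    esac
}

# locked_out_users PASSWD_FILE GROUP_FILE SHELL GROUP
# Prints each account whose login shell is SHELL but that is neither listed as
# a member of GROUP nor has GROUP as its primary group.
locked_out_users() {
    awk -F: -v shell="$3" -v grp="$4" '
        FILENAME == ARGV[1] {             # first file: the group database
            if ($1 == grp) {
                gid = $3; known = 1
                n = split($4, names, ",")
                for (i = 1; i <= n; i++) member[names[i]] = 1
            }
            next
        }
        # second file: the passwd database
        $7 == shell && !($1 in member) && !(known && $4 == gid) { print $1 }
    ' "$2" "$1"
}

# check_rssh_access [RSSH_PATH]: run the check against the live system.
check_rssh_access() {
    bin=${1:-/usr/bin/rssh}
    if world_executable "$bin"; then
        return 0                          # everyone may execute it; nobody is locked out
    fi
    locked_out_users /etc/passwd /etc/group "$bin" "$(owning_group "$bin")"
}
```

Run `check_rssh_access` before and after the package transaction; any name it prints after the upgrade is an account that can no longer start its shell.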
From: Aurelin <au...@au...> - 2011-02-24 15:25:07
|
Hi Russ

Thanks for your patch, it now works fine.

Kind regards
Aurelin
|
From: Aurelin <au...@au...> - 2011-02-22 09:17:41
|
Thank you, I'll test that, then tell you if it worked.
|
From: Russ A. <rr...@st...> - 2011-02-21 18:22:12
|
Aurelin <au...@au...> writes:

> I'm trying to get around a problem with rsync and protocol 30.
> I found out that if I try to do rsync over rssh with protocol 30, this is
> not working.
> Command:
> rsync rsshsynctest usr@vmsrv01:.
> (It is equal to
> rsync --protocol=30 rsshsynctest usr@vmsrv01:.
> )

Yes, this is a known problem with the current release of rssh because rsync reused the -e option as an internal flag to pass protocol information in a particularly difficult way for what rssh is trying to do. You can get a patch that several of us *think* does the right thing from various places, probably most easily:

http://patch-tracker.debian.org/package/rssh/2.3.2-13

See fixes/rsync-protocol.diff.

--
Russ Allbery (rr...@st...) <http://www.eyrie.org/~eagle/>
|
From: Marc S. <ma...@e-...> - 2011-02-21 18:16:27
|
I just ran into the same issue. With rsync version rsync-2.6.8-3.1 my scripts work fine - with rsync and the -e option. But with the newer version of rsync - rsync-3.0.6-5 it breaks - I just verified that the --protocol=29 makes the new version of rsync work just fine.
|
From: Aurelin <au...@au...> - 2011-02-21 14:50:30
|
Hello list

I'm trying to get around a problem with rsync and protocol 30.
I found out that if I try to do rsync over rssh with protocol 30, this is not working.
Command:
rsync rsshsynctest usr@vmsrv01:.
(It is equal to
rsync --protocol=30 rsshsynctest usr@vmsrv01:.
)
--------------
Error:

insecure -e option not allowed.
This account is restricted by rssh.
Allowed commands: rsync

If you believe this is in error, please contact your system administrator.

rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(601) [sender=3.0.7]
--------------
Log:
Feb 21 15:02:15 vmsrv01 rssh[15395]: insecure -e option in rdist command line!
Feb 21 15:02:15 vmsrv01 rssh[15395]: user batch attempted to execute forbidden commands
Feb 21 15:02:15 vmsrv01 rssh[15395]: command: rsync --server -e.Lsf . .
--------------

If I do the command
rsync --protocol=29 rsshsynctest usr@vmsrv01:.
(Or also rsync --protocol=29 rsshsynctest -e ssh usr@vmsrv01:. )
It works fine.

To me it is interesting because -e is disabled anyway, I thought.
And it's also embarrassing to me that I can use -e unless the used protocol is > 29.
I read that all protocols < 30 in rsync do their hashes with md4, but protocols > 29 do them with md5. Does that matter?

Any idea?
|
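Added example, not part of the thread and not the logic of fixes/rsync-protocol.diff: a log triage helper that separates the rejection discussed in this thread (the rsync 3.x client passing protocol information through -e in a --server command) from a command line that names a remote shell. Assumptions: the protocol-information form is taken to be -e followed by "." or "N.N" and then letters, as in the logged -e.Lsf; function names are hypothetical; the verdict is for reading logs, not for deciding what rssh should allow.

```shell
#!/bin/sh
# Added example: triage rssh "-e" rejections found in syslog.

# Log lines copied from the message above, used as sample input.
sample_log() {
    cat <<'EOF'
Feb 21 15:02:15 vmsrv01 rssh[15395]: insecure -e option in rdist command line!
Feb 21 15:02:15 vmsrv01 rssh[15395]: user batch attempted to execute forbidden commands
Feb 21 15:02:15 vmsrv01 rssh[15395]: command: rsync --server -e.Lsf . .
EOF
}

# classify_rsync_e 'rsync --server -e.Lsf . .'
# Prints one of: none | protocol-info | remote-shell
classify_rsync_e() {
    printf '%s\n' "$1" | awk '
    {
        verdict = "none"; server = 0
        for (i = 2; i <= NF; i++) if ($i == "--server") server = 1
        for (i = 2; i <= NF; i++) {
            if ($i == "--") break                          # end of options
            if ($i == "--rsh" || $i ~ /^--rsh=/) { verdict = "remote-shell"; break }
            if ($i !~ /^-[^-]/) continue                   # not a short-option cluster
            p = index($i, "e")
            if (p == 0) continue
            # In a short-option cluster, everything after "e" is its argument.
            arg = substr($i, p + 1)
            if (server && arg ~ /^([0-9]+\.[0-9]+|\.)[A-Za-z]*$/) {
                if (verdict == "none") verdict = "protocol-info"
            } else {
                verdict = "remote-shell"; break
            }
        }
        print verdict
    }'
}

# triage_rssh_log < /var/log/messages
# For every rsync command rssh logged, print "PID VERDICT COMMAND".
triage_rssh_log() {
    sed -n 's/^.* rssh\[\([0-9][0-9]*\)\]: command: \(.*\)$/\1 \2/p' |
    while read -r pid cmd; do
        case $cmd in
            rsync\ * | */rsync\ *) ;;
            *) continue ;;
        esac
        printf '%s %s %s\n' "$pid" "$(classify_rsync_e "$cmd")" "$cmd"
    done
}
```

A protocol-info verdict points to a client upgraded to rsync 3.x, as in this thread; a remote-shell verdict is the case the rssh check exists to refuse and is worth following up per account.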
From: <kie...@ch...> - 2010-10-12 12:04:46
|
Hello

I have worked on an extension in rssh which allows the restricted user to run sudo. With sudo, we can now say that a user A may run the command B as user C, which makes more sense to us because it's easier to specify which commands can be run as which user in the sudoers file.

So, for example, we have this sudoers file:

testuser ALL = (apache) NOPASSWD: /etc/init.d/apache

the user testuser has as shell the /usr/local/bin/rssh and in the rssh.conf is specified that he may run sudo. So he can now just log in with

ssh testuser@server sudo -u apache /etc/init.d/apache restart

(for example). This restarts apache and then kicks him out of the server.

If you want then I may send you the sourcecode of this extension (which is still in the testing phase, so...)

That's it
Have a nice day
K.S.
|