Thread: Problem with use rssh
From: <lpi...@ka...> - 2004-04-02 10:21:55
Hi all,

I'm new in this group but welcome everybody.

I try to compile, configure and use rssh. I read CHROOT files and configure my system. When I try to use sftp from other system I see message:

    debian:~# sftp test@192.168.1.1
    Connecting to 192.168.1.1...
    test@192.168.1.1's password:
    Connection closed
    debian:~#

I couldn't login to debian system. Could you help me and tell me what I did wrong?

When I configured system (after read CHROOT file) I did

I configure /usr/local/etc/rssh file
What do I change?
1. Uncommented
   allowscp
   allowsftp
2. Change line:
   chrootpath="/usr/sbin/chroot /usr/chroot/"

1. Create new user test. In /etc/passwd I have line:
   test:x:1010:1010:,,,:/usr/chroot:/usr/local/bin/rssh
2. mkdir /usr/chroot
3. mkdir /usr/chroot/lib /usr/chroot/etc/ /usr/chroot/local/bin/
4. cp -r /lib/* /usr/chroot/
5. cp /usr/bin/scp /usr/chroot/usr/bin/scp
6. cp /usr/bin/sftp-server /usr/chroot/usr/bin/sftp-server
7. cp /usr/local/bin/rssh /usr/chroot/usr/local/bin/rssh
8. cp /usr/local/etc/rssh /usr/chroot/usr/local/etc/rssh
9. cp /etc/ld* /usr/chroot/etc/
10. cp /etc/passwd /usr/chroot/etc/
11. cp -r /etc/ssh* /usr/chroot/
12. cp /usr/lib/lib* /usr/chroot/usr/lib/

And all,
From: Derek M. <co...@pi...> - 2004-04-04 04:15:20
On Fri, Apr 02, 2004 at 12:21:47PM +0200, lpi...@ka... wrote:
> Hi all,

Hi!

> I try to compile, configure and use rssh. I read CHROOT files and
> configure my system.

Well, you have at least one obvious (to me) mistake. Depending on what distro you have, there may be others.

> I configure /usr/local/etc/rssh file
> What do I change?
> 1. Uncommented
> allowscp
> allowsftp
> 2. Change line:
> chrootpath="/usr/sbin/chroot /usr/chroot/"

This is wrong. The chrootpath line should contain ONLY the path to the directory you will use as your chroot jail. You have the path to the chroot binary here. The chroot binary is 100% irrelevant to rssh.

With what you have, rssh is trying to chroot to the directory "/usr/sbin/chroot /usr/chroot/", which almost certainly doesn't exist. Based on what you wrote after this, it should read as follows:

    chrootpath="/usr/chroot/"

> 1. Create new user test. In /etc/passwd I have line:
> test:x:1010:1010:,,,:/usr/chroot:/usr/local/bin/rssh
> 2. mkdir /usr/chroot
> 3. mkdir /usr/chroot/lib /usr/chroot/etc/ /usr/chroot/local/bin/
> 4. cp -r /lib/* /usr/chroot/
> 5. cp /usr/bin/scp /usr/chroot/usr/bin/scp
> 6. cp /usr/bin/sftp-server /usr/chroot/usr/bin/sftp-server
> 7. cp /usr/local/bin/rssh /usr/chroot/usr/local/bin/rssh
> 8. cp /usr/local/etc/rssh /usr/chroot/usr/local/etc/rssh
> 9. cp /etc/ld* /usr/chroot/etc/
> 10. cp /etc/passwd /usr/chroot/etc/
> 11. cp -r /etc/ssh* /usr/chroot/
> 12. cp /usr/lib/lib* /usr/chroot/usr/lib/

If you're using Red Hat, I'm pretty sure there's at least one necessary library which is not in either /lib or /usr/lib. Be sure to use the ldd command, as mentioned in the CHROOT file, to figure out exactly what libraries you need.

Also, your step #11 should be unnecessary. SSHD reads the files it needs in /etc/ssh long before rssh gets involved.

Derek

-- 
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
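The two checks from the reply above (chrootpath must name only the jail directory, and every library ldd lists must exist at the same path inside the jail), as an added example that is not part of the thread and not rssh's own code. The script name, the function names and the config file path passed as the first argument are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): sanity checks for an rssh chroot jail.

# chrootpath_value CONF: print the last chrootpath setting, outer quotes removed.
chrootpath_value() {
    sed -n 's/^[[:space:]]*chrootpath[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# chrootpath_ok CONF: succeed only if the whole value names an existing
# absolute directory (a command line such as "chroot /dir" fails here).
chrootpath_ok() (
    dir=$(chrootpath_value "$1")
    case $dir in /*) [ -d "$dir" ] ;; *) false ;; esac
)

# missing_in_jail JAIL: read ldd output on stdin and report each library that
# is unresolved on the host or absent at the same path under JAIL.
missing_in_jail() (
    jail=${1%/}
    awk '$2 == "=>" && $3 ~ /^\//  { print "P", $3; next }
         $2 == "=>" && $3 == "not" { print "U", $1; next }
         $2 != "=>" && $1 ~ /^\//  { print "P", $1 }' |
    while read -r kind path; do
        if [ "$kind" = U ]; then
            echo "unresolved on host: $path"
        elif [ ! -e "$jail$path" ]; then
            echo "missing in jail: $path"
        fi
    done
)

# audit CONF BINARY...: run both checks for binaries the jail must contain.
audit() (
    conf=$1; shift
    jail=$(chrootpath_value "$conf")
    chrootpath_ok "$conf" || { echo "chrootpath is not a directory: $jail"; exit 1; }
    for bin in "$@"; do
        [ -e "${jail%/}$bin" ] || echo "missing in jail: $bin"
        ldd "$bin" | missing_in_jail "$jail"
    done
)

# Usage: sh jailcheck.sh CONF BINARY...   (script name is hypothetical)
if [ "$#" -ge 2 ]; then audit "$@"; fi
```

No output from `audit` means the configured jail directory exists and holds each named binary plus every library ldd resolved for it.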
From: Lukasz P. <lpi...@is...> - 2004-04-04 17:58:44
Hi,

Thanks a lot for your help. My rssh shell still doesn't work.

>> I try to compile, configure and use rssh. I read CHROOT files and
>> configure my system.
>
>Well, you have at least one obvious (to me) mistake. Depending on
>what distro you have, there may be others.

I use Linux Debian woody with kernel 2.2.

>> I configure /usr/local/etc/rssh file
>> What do I change?
>> 1. Uncommented
>> allowscp
>> allowsftp
>> 2. Change line:
>> chrootpath="/usr/sbin/chroot /usr/chroot/"
>
>This is wrong. The chrootpath line should contain ONLY the path to
>the directory you will use as your chroot jail. You have the path to
>the chroot binary here. The chroot binary is 100% irrelevant to rssh.
>
>With what you have, rssh is trying to chroot to the directory
>"/usr/sbin/chroot /usr/chroot/", which almost certainly doesn't exist.
>Based on what you wrote after this, it should read as follows:
>
> chrootpath="/usr/chroot/"

I corrected my mistake.

    chrootpath="/usr/chroot/"

>> 1. Create new user test. In /etc/passwd I have line:
>> test:x:1010:1010:,,,:/usr/chroot:/usr/local/bin/rssh
>> 2. mkdir /usr/chroot
>> 3. mkdir /usr/chroot/lib /usr/chroot/etc/ /usr/chroot/local/bin/
>> 4. cp -r /lib/* /usr/chroot/
>> 5. cp /usr/bin/scp /usr/chroot/usr/bin/scp
>> 6. cp /usr/bin/sftp-server /usr/chroot/usr/bin/sftp-server
>> 7. cp /usr/local/bin/rssh /usr/chroot/usr/local/bin/rssh
>> 8. cp /usr/local/etc/rssh /usr/chroot/usr/local/etc/rssh
>> 9. cp /etc/ld* /usr/chroot/etc/
>> 10. cp /etc/passwd /usr/chroot/etc/
>> 11. cp -r /etc/ssh* /usr/chroot/
>> 12. cp /usr/lib/lib* /usr/chroot/usr/lib/
>
>If you're using Red Hat, I'm pretty sure there's at least one
>necessary library which is not in either /lib or /usr/lib. Be sure to
>use the ldd command, as mentioned in the CHROOT file, to figure out
>exactly what libraries you need.

I copied all files and directories from /lib and /usr/lib/ in order to be sure that no one file is missing.
According to your tip I checked:

#ldd `which sftp`

    debian:/usr/chroot# ldd `which sftp`
    libutil.so.1 => /lib/libutil.so.1 (0x4001c000)
    libz.so.1 => /lib/libz.so.1 (0x4001f000)
    libnsl.so.1 => /lib/libnsl.so.1 (0x4002c000)
    libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x40040000)
    libc.so.6 => /lib/libc.so.6 (0x400fa000)
    libdl.so.2 => /lib/libdl.so.2 (0x4022a000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

and

#ldd `which scp`

    libutil.so.1 => /lib/libutil.so.1 (0x4001c000)
    libz.so.1 => /lib/libz.so.1 (0x4001f000)
    libnsl.so.1 => /lib/libnsl.so.1 (0x4002c000)
    libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x40040000)
    libc.so.6 => /lib/libc.so.6 (0x400fa000)
    libdl.so.2 => /lib/libdl.so.2 (0x4022a000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

All files from the list above are in chrootpath /usr/chroot/...

My problem is still the same. I can't login to system with rssh.
I write again:
Use sftp with debug option.

    #sftp -v test@192.168.1.1
    Connecting to 192.168.1.1...
    OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
    [...]
    debug1: next auth method to try is password
    test@192.168.1.1's password: xxxxx
    debug1: ssh-userauth2 successful: method password
    debug1: fd 4 setting O_NONBLOCK
    debug1: channel 0: new [client-session]
    debug1: send channel open 0
    debug1: Entering interactive session.
    debug1: ssh_session2_setup: id 0
    debug1: Sending subsystem: sftp
    debug1: channel request 0: subsystem
    debug1: channel 0: open confirm rwindow 10000 rmax 32768
    debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0
    debug1: channel 0: rcvd close
    debug1: channel 0: output open -> drain
    debug1: channel 0: close_read
    debug1: channel 0: input open -> closed
    debug1: channel 0: obuf empty
    debug1: channel 0: close_write
    debug1: channel 0: output drain -> closed
    debug1: channel 0: almost dead
    debug1: channel 0: gc: notify user
    debug1: channel 0: gc: user detached
    debug1: channel 0: send close
    debug1: channel 0: is dead
    debug1: channel 0: garbage collecting
    debug1: channel_free: channel 0: client-session, nchannels 1
    debug1: fd 0 clearing O_NONBLOCK
    debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.0 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
    debug1: Exit status -1
    Connection closed
    #

May I ask you again? How can I solve this problem? If you want more information about my system write to me.

Luke
From: Derek M. <co...@pi...> - 2004-04-07 03:46:06
On Sun, Apr 04, 2004 at 07:58:55PM +0200, Lukasz Piskorz wrote:
> Hi,
>
> Thanks a lot for your help. My rssh shell still doesn't work.

Ok, let's see what we can do.

> I copied all files and directories from /lib and /usr/lib/ in order to be
> sure that no one file is missing. According to your tip I checked:
> #ldd `which sftp`

Looks like you have all the libraries. That's good. But the problem with copying everything is that now, if I want to see the contents of your jail to look at what might be missing, I would have to look at a whole lot of irrelevant files. And of course, they do take up space on your hard drive...

> My problem is still the same. I can't login to system with rssh.
> I write again:
> Use sftp with debug option.

The debug output to sftp is really not helpful. We already know the problem is with your installation of rssh, not with sftp.

> May I ask you again? How can I solve this problem? If you want more
> information about my system write to me.

Please post your complete rssh.conf file, any related log messages from a failed access attempt, and the contents of the etc directory *INSIDE the chroot jail*. I'll look, but I can't make promises. As I say in all the documentation, I don't really support setting up chroot jails, because it's complicated and system-dependent.

-- 
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D