Thread: "Connection closed" problem
From: Laura R. <ar...@ho...> - 2003-12-22 15:00:29
Hi! I'm a new user of rssh and I've just set up a chroot jail for one user on RedHat 7.3. I've created the following directories and copied the files (as described in CHROOT file):

/usr/chroot/
/usr/chroot/usr/bin/scp
/usr/chroot/usr/libexec/openssh/sftp-server
/usr/chroot/usr/local/bin/rssh_chrrot_helper

copied in /usr/chroot/lib :

/lib/libresolv.so.2
/lib/libutil.so.1
/lib/libnsl.so.1
/lib/libcrypto.so.2
/lib/i686/libc.so.6
/lib/libdl.so.2
/lib/ld-linux.so.2

copied in /usr/chroot/usr/lib :

/usr/lib/libz.so.1

and then I've created :

/usr/chroot/home/my_user

my rssh.conf is:

logfacility = LOG_USER # you can use comments at end of line
allowsftp
umask = 022
chrootpath=/usr/chroot/
user=my_user:011:10:/usr/chroot/home/my_user

in my file passwd there is:

my_user:x:501:0::/usr/chroot/home/my_user:/usr/bin/rssh

There is a passphrase to connect and then I received the message:

Connection closed

Verbose mode prints these messages:

Connecting to 192.168.X.X...
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to 192.168.0.150 [192.168.0.150] port 22.
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 0/0 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug3: key_read: no key found
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /user1/.ssh/id_rsa type 1
debug1: identity file /user1/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hma...@op...,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hma...@op...,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hma...@op...,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hma...@op...,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1581/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 3
debug1: Host '192.168.X.X' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:3
debug1: bits set: 1594/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,keyboard-interactive
debug3: start over, passed a different list publickey,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: next auth method to try is publickey
debug1: try pubkey: /user1/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x808fe48 hint 0
debug2: input_userauth_pk_ok: fp 05:c2:14:8a:7f:87:29:de:6d:54:35:a0:39:ae:e4:df
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/user1/.ssh/id_rsa':
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug3: clear hostkey 0
debug3: clear hostkey 1
debug3: clear hostkey 2
debug1: fd 4 setting O_NONBLOCK
debug2: fd 5 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug1: send channel open 0
debug1: Entering interactive session.
debug2: callback start
debug1: ssh_session2_setup: id 0
debug1: Sending subsystem: sftp
debug1: channel request 0: subsystem
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 131072
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
debug3: channel 0: will not send data after close
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug3: channel_free: status: The following connections are open:
  #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1)
debug3: channel_close_fds: channel 0: r -1 w -1 e 6
debug1: fd 0 clearing O_NONBLOCK
debug2: fd 1 is not O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 1.5 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 1
Connection closed

Also /var/log/messages :

sshd(pam_unix)[5050]: session opened for user dexgate by (uid=0)
rssh[5051]: setting log facility to LOG_USER
rssh[5051]: allowing sftp to all users
rssh[5051]: setting umask to 022
rssh[5051]: chrooting all users to /usr/chroot/
rssh[5051]: line 25: configuring user my_user
rssh[5051]: setting my_user's umask to 011
rssh[5051]: allowing sftp to user my_user
rssh[5051]: chrooting my_user to /usr/chroot/home/my_user
rssh[5051]: chroot cmd line: /usr/libexec/rssh_chroot_helper "/usr/chroot/home/my_user" 2 "/" /usr/libexec/openssh/sftp-server
sshd(pam_unix)[5050]: session closed for user my_user

This is all. What is wrong?

I've tried without chroot and sftp connection works fine, but I need chroot jail! What's the problem?

Thanks
From: Derek M. <co...@pi...> - 2004-01-31 18:16:38
On Mon, Dec 22, 2003 at 03:00:23PM +0000, Laura Rossi wrote:
> Hi!

Hi Laura,

Sorry to take so long getting back to you. I've moved across the world and have only had limited Internet access up to now...

> I'm a new user of rssh and I've just set up a chroot jail for one user on
> RedHat 7.3.

You're aware that Red Hat 7.3 is EOL and unsupported (as are all other releases up to Red Hat 8, with RH9 soon to follow in April). I believe there are already known security holes in RH 7.3 which Red Hat will not fix. Spending time setting up chroot jails may be a waste of your time...

> I've created the following directories and copied the files (as
> described in
> CHROOT file):
>
> /usr/chroot/
[SNIP]

So it seems that you want the chroot jail to be located in /usr/chroot, right?

> my rssh.conf is:
>
> logfacility = LOG_USER # you can use comments at end of line
> allowsftp
> umask = 022
> chrootpath=/usr/chroot/
> user=my_user:011:10:/usr/chroot/home/my_user

Well, then that's the problem. You told rssh that the base of the chroot jail for "my_user" is /usr/chroot/home/my_user, NOT /usr/chroot. I suggest you have another look at the man page for rssh.conf, if this is still a problem for you. Note particularly the documentation about the "user=" directive.

I didn't see anything else wrong, but if you still have problems after you fix the user= line, you may have missed a library somewhere.

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
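
The mismatch described in the reply above can be checked mechanically. The following is an added example, not part of the thread or of rssh: it resolves the jail base rssh would use for a user and lists files that are absent under that base. The function names are hypothetical, and the `user=` field order is assumed from the rssh.conf line quoted in the post.

```shell
#!/bin/sh
# Added example, not part of rssh. Field order of user= is taken from the
# line quoted in the thread: user=name:umask:access:chrootpath

# Print the jail rssh would use for user $2 according to config file $1.
# Assumption: a matching user= entry replaces the global chrootpath, as the
# syslog excerpt in the thread shows.
effective_jail() {
    awk -v u="$2" '
        { sub(/#.*/, ""); gsub(/[ \t]/, "") }    # drop comments and blanks
        /^chrootpath=/ { global = substr($0, 12) }
        /^user=/ {
            n = split(substr($0, 6), f, ":")
            if (f[1] == u) { found = 1; jail = (n >= 4 ? f[4] : "") }
        }
        END { p = found ? jail : global; sub(/\/+$/, "", p); print p }
    ' "$1"
}

# Print each path from $2.. that does not exist under jail $1; return 1 if any.
missing_in_jail() {
    jail=$1; shift; rc=0
    for p in "$@"; do
        [ -e "$jail$p" ] || { echo "$p"; rc=1; }
    done
    return $rc
}

# Constructed demo: the directory layout and rssh.conf from the thread, rebuilt
# under a temporary root so nothing on the real system is touched.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/chroot/usr/libexec/openssh" "$root/usr/chroot/home/my_user"
    : > "$root/usr/chroot/usr/libexec/openssh/sftp-server"
    printf '%s\n' 'allowsftp' "chrootpath=$root/usr/chroot/" \
        "user=my_user:011:10:$root/usr/chroot/home/my_user" > "$root/rssh.conf"
    jail=$(effective_jail "$root/rssh.conf" my_user)
    echo "jail: ${jail#"$root"}"
    missing_in_jail "$jail" /usr/libexec/openssh/sftp-server | sed 's/^/missing: /'
    rm -rf "$root"
}
demo
```

On a real host, pass the actual rssh.conf and the binaries and libraries copied into the jail; any path printed is one the chrooted process cannot see.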