Hi,

My problem is with setting up ssh in a chrooted environment:

The box in question is running Debian 2.4 "unstable" (2.4.18-bf2.4) with the following relevant packages installed:

ii  makejail   0.0.5-4    Automatically create chroot jails for progra
ii  fileutils  5.0.91-2   The GNU file management utilities (transitio

as well as ssh_3.4p1-1.woody.3+chroot3.5p1_i386.deb (http://debian.home-dn.net/woody/ssh) as per the instructions on
http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html

Installation, i.e.

makejail /usr/share/doc/makejail/examples/sshd.py

runs OK, the daemon gets started.

The problem: Can't log in via ssh - neither as a user that is in the chrooted-environment nor as a user in a non-chrooted environment.

/var/chroot/sshd gets set up with e.g. /var/chroot/sshd/etc/passwd containing only an entry for "sshd". So I've modified both passwd, shadow, group in the chrooted-dir by entering copies of the respective entries in the main password-file but that didn't change anything.

I've included both the debug-output of the ssh-session on the client-side as well as the debug-output from the sshd on the server side. What I've been trying in this context is to log into the box as user "evil" which has the following passwd-entry:

evil:x:1002:1002:The Evil,,,:/home/evil/./:/bin/bash

Thanks much in advance for any clue,
-ewald

------------------------------ < Cut here > -----------------------------

Debug-output of ssh on client-side:

$ ssh vmware -v -l evil
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to vmware [143.245.2.244] port 22.
debug1: Connection established.
debug1: identity file /home/ej/.ssh/identity type -1
debug1: identity file /home/ej/.ssh/id_rsa type -1
debug1: identity file /home/ej/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3+chroot3.5p1
debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3+chroot3.5p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 136/256
debug1: bits set: 1619/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'vmware' is known and matches the RSA host key.
debug1: Found key in /home/ej/.ssh/known_hosts:29
debug1: bits set: 1620/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/ej/.ssh/identity
debug1: try privkey: /home/ej/.ssh/id_rsa
debug1: try privkey: /home/ej/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
[EMAIL PROTECTED]'s password:
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
[EMAIL PROTECTED]'s password:
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
[EMAIL PROTECTED]'s password:
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: no more auth methods to try
Permission denied (publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x80675a0(0x0)
$

------------------------------ < Cut here > ------------------------------

Debug-output of sshd on server-side:

debug1: sshd version OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3+chroot3.5p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
Connection from 143.245.83.20 port 32824
debug1: Client protocol version 2.0; client software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3+chroot3.5p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1620/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1619/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user evil service ssh-connection method none
debug1: attempt 0 failures 0
input_userauth_request: illegal user evil
debug1: Starting up PAM with username "NOUSER"
Could not reverse map address 143.245.83.20.
debug1: PAM setting rhost to "143.245.83.20"
Failed none for illegal user evil from 143.245.83.20 port 32824 ssh2
debug1: userauth-request for user evil service ssh-connection method keyboard-interactive
debug1: attempt 1 failures 1
debug1: keyboard-interactive devs
debug1: auth2_challenge: user=evil devs=
debug1: kbdint_alloc: devices ''
Failed keyboard-interactive for illegal user evil from 143.245.83.20 port 32824 ssh2
debug1: userauth-request for user evil service ssh-connection method password
debug1: attempt 2 failures 2
Failed password for illegal user evil from 143.245.83.20 port 32824 ssh2
debug1: userauth-request for user evil service ssh-connection method password
debug1: attempt 3 failures 3
Failed password for illegal user evil from 143.245.83.20 port 32824 ssh2
debug1: userauth-request for user evil service ssh-connection method password
debug1: attempt 4 failures 4
Failed password for illegal user evil from 143.245.83.20 port 32824 ssh2
Connection closed by 143.245.83.20
debug1: Calling cleanup 0x806bedc(0x0)
debug1: Calling cleanup 0x8052b48(0x0)
debug1: Calling cleanup 0x806bedc(0x0)
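
The server log above marks "evil" as an illegal user on every method, so sshd never treated the account as valid and no password was actually checked against it. A check of what an account lookup needs inside the jail, as an added example that is not part of the original post: the function name check_jail_user is hypothetical, and the script assumes a glibc system whose accounts come from the "files" NSS backend.

```shell
#!/bin/sh
# check_jail_user JAIL USER   (hypothetical helper, added example)
# Verifies that a chrooted sshd could resolve USER by name from inside JAIL.
# Prints one line per check; returns 0 only if every check passes.
check_jail_user() {
    jail=$1; user=$2; rc=0

    # 1. The account must be present in the jail's own copies of the
    #    account databases, not only in the host's /etc.
    for db in passwd shadow; do
        if [ -r "$jail/etc/$db" ] && grep -q "^$user:" "$jail/etc/$db"; then
            echo "ok:      $user has an entry in $jail/etc/$db"
        else
            echo "MISSING: no readable $user entry in $jail/etc/$db"; rc=1
        fi
    done

    # 2. glibc resolves names through NSS. Without nsswitch.conf and the
    #    libnss_files module inside the jail, the lookup can fail even
    #    though etc/passwd contains the user.
    if [ -r "$jail/etc/nsswitch.conf" ]; then
        echo "ok:      $jail/etc/nsswitch.conf present"
    else
        echo "MISSING: $jail/etc/nsswitch.conf"; rc=1
    fi
    if find "$jail" -name 'libnss_files.so*' 2>/dev/null | grep -q .; then
        echo "ok:      libnss_files found under $jail"
    else
        echo "MISSING: libnss_files.so* not found under $jail"; rc=1
    fi

    return $rc
}

# Stand-alone use, e.g.:  sh check_jail.sh /var/chroot/sshd evil
if [ $# -eq 2 ]; then
    check_jail_user "$1" "$2"
fi
```

If every check passes and sshd still logs "illegal user", confirm that the running daemon is the one started inside the jail and review any AllowUsers/DenyUsers settings in the sshd_config it reads.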