[TriLUG] ssh trouble

Mike Johnson mike at enoch.org
Mon Jul 19 21:05:51 EDT 2004


Ryan Leathers [ryan.leathers at globalknowledge.com] wrote:
> I am building an SFTP server with a chroot jail using:
> Redhat 9 
> openssh-3.5p1-6
> rssh-2.2.1-1
> 
> I have based my efforts on Derek Martin's neat little write-up at
> http://www.sdri.co.jp/rssh/CHROOT_en.html

Dumb question?  Why the chroot?  It's a pain in the ass to manage.  rssh
does a good job of providing near equivalent security with much less
complexity.
 
> note that the password I offered was not accepted.  what could cause
> that?  I have created the user test and modified test's home to be
> /usr/chroot/home/test.  I also copied /etc/passwd to
> /usr/chroot/etc/passwd and trimmed it down to just the user test.  Since
> the real passwd file uses shadow I wonder if I need to copy shadow over
> to the chroot'ed location as well.  Could that be it?  It was my
> understanding that the authentication would take place using the real
> /etc/passwd rather than the chrooted one.

Any idea what the logs say?  In the mkchroot.sh script provided by rssh,
there's a comment that you should pay attention to:
"Chroot jail configuration completed."
"NOTE: if you are not using the passwd file for authentication,"
"you may need to copy some of the /lib/libnss_* files into the jail."

Might be something to investigate.  It may be that you're getting authd,
but getting kicked out due to something other than whether or not the
password worked.

Mike
-- 
"Spare me your space-age technobabble Atilla The Hun!" --  Zapp Brannigan

GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
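
The check the mkchroot.sh note above points at, as an added example that is not part of the original message or of rssh: it verifies that a jail has a passwd entry for the user and a libnss_* library for each passwd source the jail's nsswitch.conf names. The function name `check_jail`, the lib/lib64 layout and the fallback to "files" when the jail has no nsswitch.conf are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from rssh): check a chroot jail for what passwd lookups need.
# Prints one line per finding; returns the number of problems found.
# Usage: sh check_jail.sh /usr/chroot test
check_jail() {
    jail=$1; user=$2; problems=0

    # Lookups made after chroot() read the jail's copy of passwd.
    if grep -q "^$user:" "$jail/etc/passwd" 2>/dev/null; then
        echo "ok:   $user has an entry in $jail/etc/passwd"
    else
        echo "FAIL: no entry for $user in $jail/etc/passwd"
        problems=$((problems + 1))
    fi

    # Services listed for the passwd database, minus comments and [..] actions.
    # Assumption: with no nsswitch.conf in the jail, treat the source as "files".
    services=$(sed -n '/^passwd:/{s/^passwd://;s/#.*//;s/\[[^]]*]//g;p;}' \
        "$jail/etc/nsswitch.conf" 2>/dev/null || true)
    [ -n "$services" ] || services=files

    # glibc loads libnss_<service>.so.* at run time for each listed service.
    for svc in $services; do
        found=no
        for lib in "$jail"/lib/libnss_"$svc".so* "$jail"/lib64/libnss_"$svc".so*; do
            if [ -e "$lib" ]; then found=yes; fi
        done
        if [ "$found" = yes ]; then
            echo "ok:   libnss_$svc present in jail"
        else
            echo "FAIL: libnss_$svc.so* missing under $jail/lib or $jail/lib64"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run against a real jail only when both arguments are given.
if [ "$#" -eq 2 ]; then check_jail "$1" "$2"; fi
```

A non-zero exit status is the count of missing pieces; the sshd log on the host remains the place to confirm whether authentication itself succeeded.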



