[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Grsecurity and ssh


I have built a chroot environment for ssh with makejail. I have had no
problem to do that, i can log into the chroot environment. It works very
well. :) 

Now i would like to use the GNU/Linux kernel with grsecurity patch. I
have compiled and installed this kernel but when i want to log into the
system via ssh (the service start also), i have the following error due
to grsecurity:
"grsec: denied attempt to double chroot to /[...] by (sshd:14334) UID(0)
EUID(0), parent (sshd:20587) UID(0) EUID(0)"

I have seen an option about double chroot in the kernel but i would like
to know how i can resolve this problem without deactivate this option.
Have you an idea ?

I have an another problem with pam. I have following the securing debian
manual and put this line into /etc/pam.d/ssh :
password required pam_cracklib.so retry=3 minlen=8 difok=3
password required pam_unix.so use_authok nullok md5

And commented this :
password required pam_unix.so

I have installed libpam_cracklib and i have choosen md5 password during
the installation. But i have this error when i want to change a password
"passwd: Critical error - immediate abort"

I have done a stupid error i think but if someone could explain me why i
have this error ? ;)

Thanks for your help...
Arnaud Fontaine 

----- signature
Arnaud Fontaine <dsdebian@free.fr> - http://www.andesi.org/
GnuPG Public Key available at http://www.andesi.org/gpg/dsdebian.asc
Fingerprint: 22B6 B676 332E 23BC CA7D 174D 6D41 235A 23A2 500A

------ fortune
Momma always said: "There is only so much fortune a man
really needs - and the rest is for showin' off" 

	Forrest Gump

Attachment: pgpD1jW6T98xv.pgp
Description: PGP signature

Reply to: