RE: SSH Chroot Patch - Anyone successfully using it?
Hi Daniel,
> I might be reading your email wrong. The
> /var/chroot/apache/etc/passwd is not what matters. What does
> matter is the standard /etc/passwd.
>
> So, try adding something like this:
>
> mbellears:x:1001:1001:Chrooted user:/var/chroot/apache/./home/mbellears:/bin/bash
If I do not have the user's entry in the chroot'd /etc/passwd, the user
cannot gain access:

Oct 22 07:30:24 localhost sshd[2992]: input_userauth_request: illegal user mbellears3
Oct 22 07:30:24 localhost sshd[2992]: Could not reverse map address 192.168.1.11.
Oct 22 07:30:24 localhost sshd[2992]: Failed none for illegal user mbellears3 from 192.168.1.11 port 32925 ssh2
Oct 22 07:30:24 localhost sshd[2992]: Failed keyboard-interactive for illegal user mbellears3 from 192.168.1.11 port 32925 ssh2
Oct 22 07:30:27 localhost sshd[2992]: Failed password for illegal user mbellears3 from 192.168.1.11 port 32925 ssh2
Oct 22 07:30:32 localhost last message repeated 2 times
Oct 22 07:30:32 localhost sshd[2992]: Connection closed by 192.168.1.11

/etc/passwd does not appear to be even considered during the SSH/SFTP
attempts - I have removed the 'mbellears3' entry entirely from that
file, and still get the:

Oct 22 07:35:07 localhost sshd[3005]: fatal: Couldn't chroot to user directory

Error in the auth log...which by the way is an error originating from
the patch to session.c:

    if (chroot(user_dir) != 0)
        fatal("Couldn't chroot to user directory %s", user_dir);
    pw->pw_dir = new_root;

So the patch appears to have been applied correctly...I must be using it
incorrectly ;)
Regards,
MB
>
> --
> Danie Roux *shuffle* Adore Unix
>
>
>
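
A pre-flight check for the home field format shown in the quoted passwd entry, as an added example that is not part of this message or of the patch. It assumes the patch treats the text before "/./" as the chroot directory and the text after it as the home inside the jail; all function and enum names here are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define BUF 1024

enum jail_status { JAIL_OK, JAIL_NO_MARKER, JAIL_TOO_LONG,
                   JAIL_ROOT_MISSING, JAIL_HOME_MISSING };

/* Assumption: "/./" in pw_dir marks the jail boundary. The text before it is
 * the directory handed to chroot(); the text after it is the home directory
 * as seen from inside the jail. */
enum jail_status split_pw_dir(const char *pw_dir, char *root, char *home, size_t len)
{
    const char *mark = strstr(pw_dir, "/./");
    if (mark == NULL || mark == pw_dir)
        return JAIL_NO_MARKER;
    size_t root_len = (size_t)(mark - pw_dir);
    const char *inner = mark + 2;   /* keep the '/' that starts the inner path */
    if (root_len >= len || strlen(inner) >= len)
        return JAIL_TOO_LONG;
    memcpy(root, pw_dir, root_len);
    root[root_len] = '\0';
    strcpy(home, inner);            /* safe: length checked above */
    return JAIL_OK;
}

static int is_dir(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Check that both the jail root and the home inside it exist as directories. */
enum jail_status check_jail(const char *pw_dir)
{
    char root[BUF], home[BUF], full[2 * BUF];
    enum jail_status s = split_pw_dir(pw_dir, root, home, sizeof root);
    if (s != JAIL_OK)
        return s;
    if (!is_dir(root))
        return JAIL_ROOT_MISSING;
    snprintf(full, sizeof full, "%s%s", root, home);
    return is_dir(full) ? JAIL_OK : JAIL_HOME_MISSING;
}

int main(void)
{
    /* Home field taken from the passwd entry quoted in the message. */
    printf("%d\n", check_jail("/var/chroot/apache/./home/mbellears"));
    return 0;
}
```

Run it on the sshd host as a user who can read the jail path; a non-zero result names which part of the home field would stop the chroot before any login is attempted.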