[TriLUG] ssh trouble
ryan.leathers at globalknowledge.com
Tue Jul 20 09:06:33 EDT 2004
I did more spelunking after your suggestion. Unfortunately I tinkered
with so much I can't say for sure what "THE" problem was but its working
On Mon, 2004-07-19 at 21:05, Mike Johnson wrote:
> Ryan Leathers [ryan.leathers at globalknowledge.com] wrote:
> > I am building an SFTP server with a chroot jail using:
> > Redhat 9
> > openssh-3.5p1-6
> > rssh-2.2.1-1
> > I have based my efforts on Derek Martin's neat little write-up at
> > http://www.sdri.co.jp/rssh/CHROOT_en.html
> Dumb question? Why the chroot? It's a pain in the ass to manage. rssh
> does a good job of providing near equivalent security with much less
> > note that the password I offered was not accepted. what could cause
> > that? I have created the user test and modified test's home to be
> > /usr/chroot/home/test. I also copied /etc/passwd to
> > /usr/chroot/etc/passwd and trimmed it down to just the user test. Since
> > the real passwd file uses shadow I wonder if I need to copy shadow over
> > to the chroot'ed location as well. Could that be it? It was my
> > understanding that the authentication would take place using the real
> > /etc/passwd rather than the chrooted one.
> Any idea what the logs say? In the mkchroot.sh script provided by rssh,
> there's a comment that you should pay attention to:
> "Chroot jail configuration completed."
> "NOTE: if you are not using the passwd file for authentication,"
> "you may need to copy some of the /lib/libnss_* files into the jail."
> Might be something to investigate. It may be that you're getting authd,
> but getting kicked out due to something other than whether or not the
> password worked.
> "Spare me your space-age technobabble Atilla The Hun!" -- Zapp Brannigan
> GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
> GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
Ryan Leathers <ryan.leathers at globalknowledge.com>
More information about the TriLUG