[TriLUG] ssh trouble

Jason Tower jason at cerient.net
Mon Jul 19 15:23:01 EDT 2004 

yes, you will almost certainly need /etc/shadow, and /etc/groups and
gshadow wouldn't hurt either.  the encrypted passwd is stored in shadow,
not passwd.

jason

> I am building an SFTP server with a chroot jail using:
> Redhat 9
> openssh-3.5p1-6
> rssh-2.2.1-1
>
> I have based my efforts on Derek Martin's neat little write-up at
> http://www.sdri.co.jp/rssh/CHROOT_en.html
>
> I can log in as root and am NOT chroot'ed.  This is what I want and
> expect.  I can not log in as the user "test".
>
> Here is some output from sftp -vvv test at 172.16.131.8
>
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> debug3: userauth_kbdint: disable: no info_req_seen
> debug2: we did not send a packet, disable method
> debug3: authmethod_lookup password
> debug3: remaining preferred:
> debug3: authmethod_is_enabled password
> debug1: next auth method to try is password
> test at 172.16.131.8's password:
> debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
> debug2: we sent a password packet, wait for reply
> debug1: authentications that can continue:
> publickey,password,keyboard-interactive
> Permission denied, please try again.
>
> note that the password I offered was not accepted.  what could cause
> that?  I have created the user test and modified test's home to be
> /usr/chroot/home/test.  I also copied /etc/passwd to
> /usr/chroot/etc/passwd and trimmed it down to just the user test.  Since
> the real passwd file uses shadow I wonder if I need to copy shadow over
> to the chroot'ed location as well.  Could that be it?  It was my
> understanding that the authentication would take place using the real
> /etc/passwd rather than the chrooted one.
>
> My name is Ryan Leathers and I approved this email.
>
> --
> Ryan Leathers <ryan.leathers at globalknowledge.com>
> Global Knowledge
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>
>

More information about the TriLUG mailing list