[TriLUG] ssh trouble

Ryan Leathers ryan.leathers at globalknowledge.com
Mon Jul 19 15:32:57 EDT 2004


right - so it's the ones inside the chroot'ed filesystem that matter for
authentication purposes jason?

the only thing that matters in the /etc/passwd is the path for the user's
home?  that is what determines who gets chrooted unless I'm more confused
than I know


On Mon, 2004-07-19 at 15:23, Jason Tower wrote:
> yes, you will almost certainly need /etc/shadow, and /etc/groups and
> gshadow wouldn't hurt either.  the encrypted passwd is stored in shadow,
> not passwd.
> 
> jason
> 
> > I am building an SFTP server with a chroot jail using:
> > Redhat 9
> > openssh-3.5p1-6
> > rssh-2.2.1-1
> >
> > I have based my efforts on Derek Martin's neat little write-up at
> > http://www.sdri.co.jp/rssh/CHROOT_en.html
> >
> > I can log in as root and am NOT chroot'ed.  This is what I want and
> > expect.  I can not log in as the user "test".
> >
> > Here is some output from sftp -vvv test@172.16.131.8
> >
> > debug1: authentications that can continue:
> > publickey,password,keyboard-interactive
> > debug3: userauth_kbdint: disable: no info_req_seen
> > debug2: we did not send a packet, disable method
> > debug3: authmethod_lookup password
> > debug3: remaining preferred:
> > debug3: authmethod_is_enabled password
> > debug1: next auth method to try is password
> > test@172.16.131.8's password:
> > debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
> > debug2: we sent a password packet, wait for reply
> > debug1: authentications that can continue:
> > publickey,password,keyboard-interactive
> > Permission denied, please try again.
> >
> > note that the password I offered was not accepted.  what could cause
> > that?  I have created the user test and modified test's home to be
> > /usr/chroot/home/test.  I also copied /etc/passwd to
> > /usr/chroot/etc/passwd and trimmed it down to just the user test.  Since
> > the real passwd file uses shadow I wonder if I need to copy shadow over
> > to the chroot'ed location as well.  Could that be it?  It was my
> > understanding that the authentication would take place using the real
> > /etc/passwd rather than the chrooted one.
> >
> > My name is Ryan Leathers and I approved this email.
> >
> > --
> > Ryan Leathers <ryan.leathers at globalknowledge.com>
> > Global Knowledge
> >
-- 
Ryan Leathers <ryan.leathers at globalknowledge.com>
Global Knowledge
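
The passwd/shadow question in this thread can be checked directly. The script below is an added example, not code from the thread or from rssh: it reports whether a user's password field under a given root (/ or the jail, e.g. /usr/chroot) is shadowed and whether the stored hash is usable or locked. The function names and the sample entries written by make_fixture are constructed for illustration.

```shell
#!/bin/sh
# check_account ROOT USER
# Prints one status word describing where USER's password hash lives
# under ROOT and whether any password could match it.
check_account() {
    root=${1%/} user=$2
    # Field 2 of passwd: "x" means the hash is kept in shadow instead.
    pw=$(awk -F: -v u="$user" '$1==u{print $2; f=1; exit} END{exit !f}' \
        "$root/etc/passwd" 2>/dev/null) || { echo no-passwd-entry; return 0; }
    if [ "$pw" != x ]; then echo hash-in-passwd; return 0; fi
    [ -r "$root/etc/shadow" ] || { echo no-readable-shadow; return 0; }
    hash=$(awk -F: -v u="$user" '$1==u{print $2; f=1; exit} END{exit !f}' \
        "$root/etc/shadow") || { echo no-shadow-entry; return 0; }
    case $hash in
        '')        echo empty-password ;;
        '!'*|'*'*) echo locked ;;        # e.g. "!!": no password can match
        *)         echo usable-hash ;;
    esac
}

# Constructed sample data (not from the thread): a "real" root where the
# test account has no password set yet, and a jail with a trimmed passwd only.
make_fixture() {
    mkdir -p "$1/real/etc" "$1/jail/etc"
    line='test:x:501:501::/usr/chroot/home/test:/usr/bin/rssh'
    printf '%s\n' "$line" 'alice:x:502:502::/home/alice:/bin/bash' \
        > "$1/real/etc/passwd"
    printf '%s\n' 'test:!!:12618:0:99999:7:::' \
        'alice:$1$constructd$NotARealHashJustSampleTxt:12618:0:99999:7:::' \
        > "$1/real/etc/shadow"
    printf '%s\n' "$line" > "$1/jail/etc/passwd"
}

# Run with the argument "demo" to try it on the constructed data.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d); make_fixture "$d"
    for r in real jail; do echo "$r: $(check_account "$d/$r" test)"; done
    rm -rf "$d"
fi
```

On a live system, run check_account / test and check_account /usr/chroot test as root (so shadow is readable) and compare the two results.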



