[TriLUG] ssh trouble
Ryan Leathers
ryan.leathers at globalknowledge.com
Tue Jul 20 09:06:33 EDT 2004
Thanks Mike,
I did more spelunking after your suggestion. Unfortunately I tinkered
with so much I can't say for sure what "THE" problem was but it's working
now.
On Mon, 2004-07-19 at 21:05, Mike Johnson wrote:
> Ryan Leathers [ryan.leathers at globalknowledge.com] wrote:
> > I am building an SFTP server with a chroot jail using:
> > Redhat 9
> > openssh-3.5p1-6
> > rssh-2.2.1-1
> >
> > I have based my efforts on Derek Martin's neat little write-up at
> > http://www.sdri.co.jp/rssh/CHROOT_en.html
>
> Dumb question? Why the chroot? It's a pain in the ass to manage. rssh
> does a good job of providing near equivalent security with much less
> complexity.
>
> > note that the password I offered was not accepted. what could cause
> > that? I have created the user test and modified test's home to be
> > /usr/chroot/home/test. I also copied /etc/passwd to
> > /usr/chroot/etc/passwd and trimmed it down to just the user test. Since
> > the real passwd file uses shadow I wonder if I need to copy shadow over
> > to the chroot'ed location as well. Could that be it? It was my
> > understanding that the authentication would take place using the real
> > /etc/passwd rather than the chrooted one.
>
> Any idea what the logs say? In the mkchroot.sh script provided by rssh,
> there's a comment that you should pay attention to:
> "Chroot jail configuration completed."
> "NOTE: if you are not using the passwd file for authentication,"
> "you may need to copy some of the /lib/libnss_* files into the jail."
>
> Might be something to investigate. It may be that you're getting authd,
> but getting kicked out due to something other than whether or not the
> password worked.
>
> Mike
> --
> "Spare me your space-age technobabble Atilla The Hun!" -- Zapp Brannigan
>
> GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF C821 89C4 DF9A 5DDD 95D1
> GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
--
Ryan Leathers <ryan.leathers at globalknowledge.com>
Global Knowledge
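
As an added example (not from this thread and not part of rssh's mkchroot.sh), a small shell check for the jail pieces discussed above: a passwd entry inside the jail, the libnss_* files the mkchroot.sh note mentions, and a stray copy of shadow. The function name check_jail, the JAIL/lib location and the sample jail are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from rssh: audit a chroot jail for the items raised
# in this thread. check_jail JAIL USER prints one finding per line and
# returns the number of findings (0 means nothing was flagged).
check_jail() {
    jail=$1 user=$2 findings=0

    # The jail needs its own passwd entry so programs running inside it
    # can map the session's UID back to a user name.
    if [ ! -r "$jail/etc/passwd" ]; then
        echo "MISSING $jail/etc/passwd"
        findings=$((findings + 1))
    elif ! awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' \
            "$jail/etc/passwd"; then
        echo "NOUSER $user has no entry in $jail/etc/passwd"
        findings=$((findings + 1))
    fi

    # glibc loads libnss_* at run time for name lookups; mkchroot.sh's
    # closing note points at /lib/libnss_*. Assumed location: JAIL/lib.
    set -- "$jail"/lib/libnss_*
    if [ ! -e "$1" ]; then
        echo "NOLIBNSS no libnss_* files under $jail/lib"
        findings=$((findings + 1))
    fi

    # sshd checks the password against the real system files before the
    # login shell (rssh) runs, so hashes copied into the jail only add
    # exposure.
    if [ -e "$jail/etc/shadow" ]; then
        echo "EXPOSED $jail/etc/shadow should not be in the jail"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample jail (throwaway temp directory) for a stand-alone run.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/lib"
printf 'test:x:500:500::/home/test:/usr/bin/rssh\n' > "$demo/etc/passwd"
: > "$demo/etc/shadow"              # stray copy, will be flagged
check_jail "$demo" test || echo "findings: $?"
rm -rf "$demo"
```

Run it as root against the real jail root (for the setup in this thread, /usr/chroot) so that unreadable files are not reported as missing.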