Thanks for the quick response.

On Sat, Mar 14, 2009 at 02:06:43PM -0700, Russ Allbery wrote:
> Mate <[email protected]> writes:
>
> > If I start sshd with
> >
> > # /usr/sbin/sshd -p2222 -ddd
> >
> > and user tries to log in on port 2222, this gets logged:
> >
> > subsystem request for sftp
> > debug1: subsystem: exec() /usr/lib/openssh/sftp-server
> > debug2: fd 3 setting TCP_NODELAY
> > debug2: fd 10 setting O_NONBLOCK
> > debug2: fd 9 setting O_NONBLOCK
> > debug3: mm_request_receive entering
> > debug1: Received SIGCHLD.
> >
> > Seems like the sftp-server can't start up.
>
> Did you enable syslog logging in the chroot as described by the mkchroot
> script to see if sftp-server is logging anything? You may also need to
> run sshd under strace -f so that you can see exactly what's happening when
> sftp-server is spawned and why it might be exiting.

I've straced it. I guess the key line is:

2438 chroot("/home/user") = -1 EPERM (Operation not permitted)

The context is this:

2438 open("/etc/rssh.conf", O_RDONLY) = 3
2438 fstat64(3, {st_mode=S_IFREG|0644, st_size=1824, ...}) = 0
2438 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f43000
2438 read(3, "# This is the default rssh config"..., 4096) = 1824
2438 close(3) = 0
2438 munmap(0xb7f43000, 4096) = 0
2438 stat64("/home/user", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
2438 chroot("/home/user") = -1 EPERM (Operation not permitted)
2438 geteuid32() = 1000
2438 getuid32() = 1000
2438 time(NULL) = 1236871330
2438 open("/etc/localtime", O_RDONLY) = 3

The chroot fails. My guess is that the chroot command is being run by "user" and
not root.

u...@debian:~$ /usr/sbin/chroot . usr/lib/openssh/sftp-server
/usr/sbin/chroot: cannot change root directory to .: Operation not permitted

vs.

debian:/home/user# /usr/sbin/chroot . usr/lib/openssh/sftp-server

The permissions are the following:

# ls -lad /home/user
drwxr-xr-x 6 user user 4096 2009-03-11 21:36 /home/user

I've tried chowning it to root, didn't solve it.

I'll try to set up the in-jail logging as you suggested. It might take some
time, because I've never done that before.

> > # chown a+s /usr/lib/rssh/rssh_chroot_helper
> > Surprisingly, setuid was not set by "apt-get install".
>
> rssh asks you on installation in Debian whether you want to make the
> helper setuid root. You may have your prompt level set too high to see it
> during installation, in which case you should run dpkg-reconfigure rssh to
> see the prompt.

Yes, you are right.

Thanks,
--
M
_______________________________________________
rssh-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rssh-discuss
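
The by-eye reading of the strace output in the message above (a failed chroot() followed by the uid the same process reports) can be scripted. This is an added example, not part of the original message and not rssh code; it assumes the `PID syscall(args) = result` line format shown in the quoted trace, and the function names are hypothetical.

```python
import re

# Constructed sample in the format shown in the message; the pid 2438 lines mirror
# the quoted trace, the pid 2440 line is invented to show per-pid tracking.
SAMPLE_TRACE = """\
2438 stat64("/home/user", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
2438 chroot("/home/user") = -1 EPERM (Operation not permitted)
2440 geteuid32() = 0
2438 geteuid32() = 1000
2438 getuid32() = 1000
"""

# pid, syscall name, arguments, return value, optional errno symbol
LINE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+"
    r"(?P<ret>0x[0-9a-f]+|-?\d+)(?:\s+(?P<errno>E[A-Z]+))?"
)

def find_failed_chroots(trace):
    """Return one dict per failed chroot(), with the uid/euid that pid reports next."""
    findings, pending = [], {}          # pending: pid -> finding awaiting uid data
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:                       # wrapped or truncated lines are skipped
            continue
        pid, call = int(m["pid"]), m["call"]
        if call == "chroot" and m["ret"] == "-1":
            finding = {"pid": pid, "path": m["args"].strip('"'),
                       "errno": m["errno"], "uid": None, "euid": None}
            findings.append(finding)
            pending[pid] = finding
        elif pid in pending and call in ("getuid", "getuid32", "geteuid", "geteuid32"):
            key = "euid" if call.startswith("geteuid") else "uid"
            pending[pid][key] = int(m["ret"])
            if None not in (pending[pid]["uid"], pending[pid]["euid"]):
                del pending[pid]
    return findings

def diagnose(finding):
    """Explain a finding: chroot(2) needs root privilege (CAP_SYS_CHROOT on Linux)."""
    if finding["errno"] == "EPERM" and finding["euid"] not in (None, 0):
        return ("pid %d: chroot(%s) failed with EPERM at euid %d; the process calling "
                "chroot() is not running as root"
                % (finding["pid"], finding["path"], finding["euid"]))
    return "pid %d: chroot(%s) failed with %s" % (
        finding["pid"], finding["path"], finding["errno"])

if __name__ == "__main__":
    for f in find_failed_chroots(SAMPLE_TRACE):
        print(diagnose(f))
```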