Re: ssh chroot on debian documentation
Regards,

Robert Vangel <[EMAIL PROTECTED]> - Tue, Nov 02, 2004:

> Can people please be more careful when creating new messages, not to hit
> reply to a message then removing everything & starting again.

Because it breaks the natural flow of conversation.
Why is top-posting so bad?

--
Loïc Minier <[EMAIL PROTECTED]>

Re: ssh chroot on debian documentation
Can people please be more careful when creating new messages, not to hit reply to a message then removing everything & starting again.

This does play up with clients that follow standards and do threading through headers passed on by other compliant clients, rather than just threading as-per subjects.

Thanks.

Vincent Tantardini wrote:

> Hello,
> I just wrote a little documentation about how I create a chrooted environment for ssh, you can find the doc at:
> http://vince.kerneled.org/files/ssh_chroot.txt
>
> Please, give me some comments about the method I adopt here.
>
> Regards,

Re: ssh chroot on debian documentation
-----Original Message-----
From: Vincent Tantardini <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Tue, 2 Nov 2004 08:03:43 +0100
Subject: ssh chroot on debian documentation

> Hello,
> I just wrote a little documentation about how I create a chrooted
> environment
> for ssh, you can find the doc at:
> http://vince.kerneled.org/files/ssh_chroot.txt
>
> Please, give me some comments about the method I adopt here.
>
> Regards,

Is ssh chrooted useful? The only useful thing I can realize: require an ssh login into a machine with 2 nics and open another ssh session. In this way I have to exploit 2 sshd instead of one to get into...
Mah.
Am I missing something?

Bye.
Radel

ssh chroot on debian documentation
Hello,

I just wrote a little documentation about how I create a chrooted environment for ssh, you can find the doc at:
http://vince.kerneled.org/files/ssh_chroot.txt

Please, give me some comments about the method I adopt here.

Regards,

--
Vincent Tantardini <[EMAIL PROTECTED]>
Kerneled opensource collaboration - http://kerneled.org/

Re: Ssh + chroot
On Thu, 23 Aug 2001 13:26:45 +0200 Michael Wood <[EMAIL PROTECTED]> wrote:

> I haven't been following the thread. Do you get the message as
> soon as you run sshd or just when someone tries to log in?
>

I get the message when I try to do an scp from local to the chrooted host (as it must run scp in the chroot). But no problem with ssh or sftp.

>
> If you get the error when trying to start sshd, you can try
> something like this:
>
> strace sshd
> or
> strace -eopen sshd
> or
> strace sshd 2>&1 | less
> etc.
>
> That might give you more of an idea of what sshd can't find.

Thanks!!! It works, strace told me that I need to put /lib/libnss_files.so.2 and /lib/libnss_compat.so.2

Thanks to you Michael and Nick and ... strace.

So now here is the content of my chroot to make ssh, scp, sftp and some other stuff work. If someone sees something he thinks is a very bad idea to have in a chroot, please let me know.

Manu.

./bin
./bin/bash
./bin/cat
./bin/chmod
./bin/cp
./bin/date
./bin/df
./bin/echo
./bin/grep
./bin/gunzip
./bin/gzip
./bin/hostname
./bin/ln
./bin/ls
./bin/mkdir
./bin/mv
./bin/rm
./bin/rmdir
./bin/tar
./bin/touch
./bin/uncompress
./bin/gdb
./lib
./lib/libncurses.so.5
./lib/libdl.so.2
./lib/libc.so.6
./lib/ld-linux.so.2
./lib/libpam.so.0
./lib/libwrap.so.0
./lib/libnsl.so.1
./lib/libutil.so.1
./lib/libcrypt.so.1
./lib/libncurses.so.4
./lib/libm.so.6
./lib/libnss_files.so.2
./lib/libnss_compat.so.2
./usr
./usr/bin
./usr/bin/bzip2
./usr/bin/emacs
./usr/bin/zip
./usr/bin/unzip
./usr/bin/zile
./usr/bin/scp
./usr/bin/psql
./usr/lib
./usr/lib/libbz2.so.0
./usr/lib/sftp-server
./usr/lib/libz.so.1
./usr/lib/libcrypto.so.0.9.5
./usr/lib/menu
./usr/lib/menu/zile
./usr/lib/postgresql
./usr/lib/postgresql/bin
./usr/lib/postgresql/bin/psql
./usr/lib/libpq.so.2
./usr/lib/libpq.so.2.0
./usr/lib/libpq.so.2.1
./usr/share
./usr/share/zile
./usr/share/zile/HELP
./usr/share/zile/FAQ
./usr/share/zile/LATEST_VERSION
./usr/share/zile/HELPWIN
./usr/share/zile/TUTORIAL
./usr/share/zile/AUTODOC
./etc
./etc/nsswitch.conf
./etc/terminfo
./etc/terminfo/a
./etc/terminfo/a/ansi
./etc/terminfo/d
./etc/terminfo/d/dumb
./etc/terminfo/l
./etc/terminfo/l/linux
./etc/terminfo/r
./etc/terminfo/r/rxvt-m
./etc/terminfo/r/rxvt
./etc/terminfo/s
./etc/terminfo/s/screen
./etc/terminfo/s/screen-w
./etc/terminfo/s/sun
./etc/terminfo/v
./etc/terminfo/v/vt100
./etc/terminfo/v/vt102
./etc/terminfo/v/vt220
./etc/terminfo/v/vt52
./etc/terminfo/x
./etc/terminfo/x/xterm
./etc/terminfo/x/xterm-xfree86
./etc/terminfo/x/xterm-debian
./etc/terminfo/x/xterm-basic
./etc/terminfo/x/xterm-mono
./etc/terminfo/x/xterm-r5
./etc/terminfo/x/xterm-color
./etc/terminfo/x/xterm-r6
./etc/terminfo/x/xterm-vt220
./etc/terminfo/m
./etc/terminfo/m/mach-bold
./etc/terminfo/m/mach
./etc/terminfo/m/mach-color
./etc/terminfo/p
./etc/terminfo/p/pcansi
./etc/passwd

--
Easter-eggs    Spécialiste GNU/Linux
44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com

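Added example, not code from any poster in this thread: a shell check of a chroot tree for the pieces a uid-to-name lookup needs, which is what the scp error "unknown user 1012" and the strace result above come down to (a passwd entry, nsswitch.conf, and the libnss_* modules). The function name chroot_nss_check, the fallback service list and the searched library directories are assumptions.

```shell
#!/bin/sh
# Added example: check a chroot tree for what a uid -> name lookup (getpwuid)
# needs. Prints one line per problem; returns non-zero if anything is missing.
# Usage: chroot_nss_check ROOT UID
chroot_nss_check() {
    root=$1 uid=$2 problems=0

    # 1. The uid must be listed in the chroot's own passwd file (field 3).
    if [ ! -r "$root/etc/passwd" ]; then
        echo "missing: /etc/passwd"; problems=$((problems + 1))
    elif ! awk -F: -v u="$uid" '$3 == u { ok = 1 } END { exit !ok }' \
            "$root/etc/passwd"; then
        echo "missing: uid $uid in /etc/passwd"; problems=$((problems + 1))
    fi

    # 2. Which NSS services resolve "passwd"? Strip comments and [actions].
    services=""
    if [ -r "$root/etc/nsswitch.conf" ]; then
        services=$(sed -n '/^passwd:/{s/^passwd://;s/#.*//;s/\[[^]]*\]//g;p;}' \
            "$root/etc/nsswitch.conf")
    else
        echo "missing: /etc/nsswitch.conf"; problems=$((problems + 1))
    fi
    # Assumption: without a usable passwd line, check the two modules
    # that strace reported in the thread.
    [ -n "$services" ] || services="compat files"

    # 3. Each service is a module loaded at run time (libnss_<service>.so.2),
    #    so it is not among the libraries ldd reports for scp.
    #    Assumption: modules live in lib, lib64 or usr/lib under the root.
    for svc in $services; do
        found=0
        for dir in lib lib64 usr/lib; do
            if [ -e "$root/$dir/libnss_$svc.so.2" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "missing: libnss_$svc.so.2"; problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}

# Run as a script: sh chroot_nss_check.sh /home/manu 1012
if [ "$#" -eq 2 ]; then chroot_nss_check "$1" "$2"; fi
```
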
Re: Ssh + chroot
On Thu, 23 Aug 2001 11:19:58 +0100 Nick Phillips <[EMAIL PROTECTED]> wrote:

> > Anyone having an Idea?
>
> Can't see that you got a response to this... you probably need the PAM
> stuff in the chroot (most likely just /etc/pam.d/ssh, but maybe /etc/pam.conf
> or other stuff in pam.d).
>
> Cheers,
>
>

Thanks for this first response...

I tried it (cp -r /etc/pam* /home/manu/etc/) but nothing happens, same error: "unknown user 1012". Maybe I need to put some programs corresponding to pam (I'm not very closed to pam use...). Of course it's a pam problem.

--
Easter-eggs    Spécialiste GNU/Linux
44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com

Re: Ssh + chroot
> Anyone having an Idea?

Can't see that you got a response to this... you probably need the PAM stuff in the chroot (most likely just /etc/pam.d/ssh, but maybe /etc/pam.conf or other stuff in pam.d).

Cheers,

Nick

--
Nick Phillips -- [EMAIL PROTECTED]
You will wish you hadn't.

Ssh + chroot
Hi,

I used openssh-2.9p2-4 from sid, recompiled for potato, it works fine.

After applying the chroot patch from the contrib directory, ssh sftp scp work fine with this new version on a standard user, but with a chrooted user in his home directory, only ssh and sftp work, scp doesn't work with the following error (1012 is the correct uid of the user):

unknown user 1012
lost connection

Anyone having an Idea?

here is what I've in my home directory:

./bin
./bin/bash
./bin/cat
./bin/chmod
./bin/cp
./bin/date
./bin/df
./bin/echo
./bin/grep
./bin/gunzip
./bin/gzip
./bin/hostname
./bin/ln
./bin/ls
./bin/mkdir
./bin/mv
./bin/rm
./bin/rmdir
./bin/tar
./bin/touch
./bin/uncompress
./lib
./lib/libncurses.so.5
./lib/libdl.so.2
./lib/libc.so.6
./lib/ld-linux.so.2
./lib/libpam.so.0
./lib/libwrap.so.0
./lib/libnsl.so.1
./lib/libutil.so.1
./lib/libcrypt.so.1
./usr
./usr/bin
./usr/bin/bzip2
./usr/bin/emacs
./usr/bin/zip
./usr/bin/unzip
./usr/bin/zile
./usr/bin/scp
./usr/lib
./usr/lib/libbz2.so.0
./usr/lib/sftp-server
./usr/lib/libz.so.1
./usr/lib/libcrypto.so.0.9.5
./usr/lib/menu
./usr/lib/menu/zile
./usr/share
./usr/share/zile
./usr/share/zile/HELP
./usr/share/zile/FAQ
./usr/share/zile/LATEST_VERSION
./usr/share/zile/HELPWIN
./usr/share/zile/TUTORIAL
./usr/share/zile/AUTODOC
./etc
./etc/terminfo
./etc/terminfo/a
./etc/terminfo/a/ansi
./etc/terminfo/d
./etc/terminfo/d/dumb
./etc/terminfo/l
./etc/terminfo/l/linux
./etc/terminfo/r
./etc/terminfo/r/rxvt-m
./etc/terminfo/r/rxvt
./etc/terminfo/s
./etc/terminfo/s/screen
./etc/terminfo/s/screen-w
./etc/terminfo/s/sun
./etc/terminfo/v
./etc/terminfo/v/vt100
./etc/terminfo/v/vt102
./etc/terminfo/v/vt220
./etc/terminfo/v/vt52
./etc/terminfo/x
./etc/terminfo/x/xterm
./etc/terminfo/x/xterm-xfree86
./etc/terminfo/x/xterm-debian
./etc/terminfo/x/xterm-basic
./etc/terminfo/x/xterm-mono
./etc/terminfo/x/xterm-r5
./etc/terminfo/x/xterm-color
./etc/terminfo/x/xterm-r6
./etc/terminfo/x/xterm-vt220
./etc/terminfo/m
./etc/terminfo/m/mach-bold
./etc/terminfo/m/mach
./etc/terminfo/m/mach-color
./etc/terminfo/p
./etc/terminfo/p/pcansi
./etc/passwd

--
Easter-eggs    Spécialiste GNU/Linux
44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com