Re: ssh chroot on debian documentation

2004-11-02 Thread Loïc Minier
 Regards,

Robert Vangel <[EMAIL PROTECTED]> - Tue, Nov 02, 2004:

> Can people please be more careful when creating new messages, not to hit
> reply to a message then removing everything & starting again.

 Because it breaks the natural flow of conversation.

 Why is top-posting so bad?

-- 
Loïc Minier <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Re: ssh chroot on debian documentation

2004-11-02 Thread Robert Vangel
Can people please be more careful when creating new messages, not to hit
reply to a message then removing everything & starting again.

This does play up with clients that follow standards and do threading
through headers passed on by other compliant clients, rather than just
threading as-per subjects.

Thanks.

Vincent Tantardini wrote:
> Hello,
> I just wrote a little documentation about how I create a chrooted environment
> for ssh, you can find the doc at:
> http://vince.kerneled.org/files/ssh_chroot.txt
>
> Please, give me some comments about the method I adopt here.
> Regards,



Re: ssh chroot on debian documentation

2004-11-02 Thread Raffaele D'Elia


-Original Message-
From: Vincent Tantardini <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Tue, 2 Nov 2004 08:03:43 +0100
Subject: ssh chroot on debian documentation

> Hello,
> I just wrote a little documentation about how I create a chrooted
> environment
> for ssh, you can find the doc at: 
> http://vince.kerneled.org/files/ssh_chroot.txt
> 
> Please, give me some comments about the method I adopt here.
> 
> Regards,
 
Is ssh chrooted useful?

The only useful thing I can realize: require an ssh login into a machine
with 2 nics and open another ssh session. In this way I have to exploit 2
sshd instead of one to get into... Mah.

Am I missing something?

Bye.
Radel





ssh chroot on debian documentation

2004-11-01 Thread Vincent Tantardini
Hello,
I just wrote a little documentation about how I create a chrooted environment
for ssh, you can find the doc at: 
http://vince.kerneled.org/files/ssh_chroot.txt

Please, give me some comments about the method I adopt here.

Regards,

-- 
Vincent Tantardini <[EMAIL PROTECTED]>
Kerneled opensource collaboration - http://kerneled.org/





Re: Ssh + chroot

2001-08-23 Thread Emmanuel Lacour
On Thu, 23 Aug 2001 13:26:45 +0200
Michael Wood <[EMAIL PROTECTED]> wrote:


> I haven't been following the thread.  Do you get the message as
> soon as you run sshd or just when someone tries to log in?
> 

I get the message when I try to do an scp from local to the chrooted host (as it
must run scp in the chroot). But no problem with ssh or sftp.

> 
> If you get the error when trying to start sshd, you can try
> something like this:
> 
> strace sshd
> or
> strace -eopen sshd
> or
> strace sshd 2>&1 | less
> etc.
> 
> That might give you more of an idea of what sshd can't find.


Thanks!!! It works, strace told me that I need to put /lib/libnss_files.so.2
and /lib/libnss_compat.so.2

Thanks to you Michael and Nick and ... strace.

So now here is the content of my chroot to make ssh, scp, sftp and some other
stuff work.

If someone sees something he thinks is a very bad idea to have in a
chroot, please let me know.

Manu.

./bin
./bin/bash
./bin/cat
./bin/chmod
./bin/cp
./bin/date
./bin/df
./bin/echo
./bin/grep
./bin/gunzip
./bin/gzip
./bin/hostname
./bin/ln
./bin/ls
./bin/mkdir
./bin/mv
./bin/rm
./bin/rmdir
./bin/tar
./bin/touch
./bin/uncompress
./bin/gdb
./lib
./lib/libncurses.so.5
./lib/libdl.so.2
./lib/libc.so.6
./lib/ld-linux.so.2
./lib/libpam.so.0
./lib/libwrap.so.0
./lib/libnsl.so.1
./lib/libutil.so.1
./lib/libcrypt.so.1
./lib/libncurses.so.4
./lib/libm.so.6
./lib/libnss_files.so.2
./lib/libnss_compat.so.2
./usr
./usr/bin
./usr/bin/bzip2
./usr/bin/emacs
./usr/bin/zip
./usr/bin/unzip
./usr/bin/zile
./usr/bin/scp
./usr/bin/psql
./usr/lib
./usr/lib/libbz2.so.0
./usr/lib/sftp-server
./usr/lib/libz.so.1
./usr/lib/libcrypto.so.0.9.5
./usr/lib/menu
./usr/lib/menu/zile
./usr/lib/postgresql
./usr/lib/postgresql/bin
./usr/lib/postgresql/bin/psql
./usr/lib/libpq.so.2
./usr/lib/libpq.so.2.0
./usr/lib/libpq.so.2.1
./usr/share
./usr/share/zile
./usr/share/zile/HELP
./usr/share/zile/FAQ
./usr/share/zile/LATEST_VERSION
./usr/share/zile/HELPWIN
./usr/share/zile/TUTORIAL
./usr/share/zile/AUTODOC
./etc
./etc/nsswitch.conf
./etc/terminfo
./etc/terminfo/a
./etc/terminfo/a/ansi
./etc/terminfo/d
./etc/terminfo/d/dumb
./etc/terminfo/l
./etc/terminfo/l/linux
./etc/terminfo/r
./etc/terminfo/r/rxvt-m
./etc/terminfo/r/rxvt
./etc/terminfo/s
./etc/terminfo/s/screen
./etc/terminfo/s/screen-w
./etc/terminfo/s/sun
./etc/terminfo/v
./etc/terminfo/v/vt100
./etc/terminfo/v/vt102
./etc/terminfo/v/vt220
./etc/terminfo/v/vt52
./etc/terminfo/x
./etc/terminfo/x/xterm
./etc/terminfo/x/xterm-xfree86
./etc/terminfo/x/xterm-debian
./etc/terminfo/x/xterm-basic
./etc/terminfo/x/xterm-mono
./etc/terminfo/x/xterm-r5
./etc/terminfo/x/xterm-color
./etc/terminfo/x/xterm-r6
./etc/terminfo/x/xterm-vt220
./etc/terminfo/m
./etc/terminfo/m/mach-bold
./etc/terminfo/m/mach
./etc/terminfo/m/mach-color
./etc/terminfo/p
./etc/terminfo/p/pcansi
./etc/passwd




-- 
Easter-eggs - GNU/Linux specialist
44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com
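
Added example (not part of the original message or of OpenSSH): the fix reported above came down to NSS modules, which glibc loads at run time, so ldd on scp does not list them. This sh sketch checks a chroot tree for the libnss_*.so.2 modules named by its etc/nsswitch.conf and for the uid in etc/passwd; the function names and the "compat files" fallback (the two modules the poster ended up adding) are assumptions.

```shell
#!/bin/sh
# Added example: report what a chroot tree lacks for uid -> name lookups,
# the lookup behind scp's "unknown user 1012".

# nss_services ROOT DB: print the services configured for DB (e.g. passwd)
# in ROOT/etc/nsswitch.conf. When the file or the line is absent, fall back
# to "compat files" (assumption: glibc's built-in default varies by version).
nss_services() {
    conf="$1/etc/nsswitch.conf"
    svcs=""
    if [ -r "$conf" ]; then
        # Take the first matching line, drop comments and [STATUS=action] items.
        svcs=$(sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$conf" |
               head -n 1 | sed 's/#.*//; s/\[[^]]*\]//g')
    fi
    echo "${svcs:-compat files}"
}

# check_chroot_nss ROOT UID: print one line per missing piece; the exit
# status is 0 when nothing is missing. Modules are looked up in ROOT/lib,
# the layout used in the thread.
check_chroot_nss() {
    root="$1"; uid="$2"; missing=0
    for svc in $(nss_services "$root" passwd); do
        if [ ! -e "$root/lib/libnss_$svc.so.2" ]; then
            echo "missing: /lib/libnss_$svc.so.2"
            missing=1
        fi
    done
    if [ ! -r "$root/etc/passwd" ]; then
        echo "missing: /etc/passwd"; missing=1
    elif ! awk -F: -v u="$uid" '$3 == u { found = 1 } END { exit !found }' \
            "$root/etc/passwd"; then
        echo "missing: uid $uid in /etc/passwd"; missing=1
    fi
    return $missing
}

# Usage, with the chroot path and uid from the thread:
#   check_chroot_nss /home/manu 1012
```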




Re: Ssh + chroot

2001-08-23 Thread Emmanuel Lacour
On Thu, 23 Aug 2001 11:19:58 +0100
Nick Phillips <[EMAIL PROTECTED]> wrote:

> > Anyone have an idea?
> 
> Can't see that you got a response to this... you probably need the PAM
> stuff in the chroot (most likely just /etc/pam.d/ssh, but maybe /etc/pam.conf
> or other stuff in pam.d).
> 
> Cheers,
> 
> 

Thanks for this first response...

I tried it (cp -r /etc/pam* /home/manu/etc/) but nothing happens, same error:
"unknown user 1012". Maybe I need to add some programs corresponding to pam
(I'm not very familiar with pam use...). Of course it's a pam problem.



-- 
Easter-eggs - GNU/Linux specialist
44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com




Re: Ssh + chroot

2001-08-23 Thread Nick Phillips
> Anyone have an idea?

Can't see that you got a response to this... you probably need the PAM
stuff in the chroot (most likely just /etc/pam.d/ssh, but maybe /etc/pam.conf
or other stuff in pam.d).

Cheers,


Nick

-- 
Nick Phillips -- [EMAIL PROTECTED]
You will wish you hadn't.




Ssh + chroot

2001-08-01 Thread Emmanuel Lacour


Hi,


I used openssh-2.9p2-4 from sid, recompiled for potato, and it works fine. After
applying the chroot patch from the contrib directory, ssh, sftp and scp work fine
with this new version for a standard user, but for a user chrooted in his home
directory, only ssh and sftp work; scp doesn't work and gives the following error
(1012 is the correct uid of the user):

unknown user 1012
lost connection

Anyone have an idea?

Here is what I have in my home directory:


./bin
./bin/bash
./bin/cat
./bin/chmod
./bin/cp
./bin/date
./bin/df
./bin/echo
./bin/grep
./bin/gunzip
./bin/gzip
./bin/hostname
./bin/ln
./bin/ls
./bin/mkdir
./bin/mv
./bin/rm
./bin/rmdir
./bin/tar
./bin/touch
./bin/uncompress
./lib
./lib/libncurses.so.5
./lib/libdl.so.2
./lib/libc.so.6
./lib/ld-linux.so.2
./lib/libpam.so.0
./lib/libwrap.so.0
./lib/libnsl.so.1
./lib/libutil.so.1
./lib/libcrypt.so.1
./usr
./usr/bin
./usr/bin/bzip2
./usr/bin/emacs
./usr/bin/zip
./usr/bin/unzip
./usr/bin/zile
./usr/bin/scp
./usr/lib
./usr/lib/libbz2.so.0
./usr/lib/sftp-server
./usr/lib/libz.so.1
./usr/lib/libcrypto.so.0.9.5
./usr/lib/menu
./usr/lib/menu/zile
./usr/share
./usr/share/zile
./usr/share/zile/HELP
./usr/share/zile/FAQ
./usr/share/zile/LATEST_VERSION
./usr/share/zile/HELPWIN
./usr/share/zile/TUTORIAL
./usr/share/zile/AUTODOC
./etc
./etc/terminfo
./etc/terminfo/a
./etc/terminfo/a/ansi
./etc/terminfo/d
./etc/terminfo/d/dumb
./etc/terminfo/l
./etc/terminfo/l/linux
./etc/terminfo/r
./etc/terminfo/r/rxvt-m
./etc/terminfo/r/rxvt
./etc/terminfo/s
./etc/terminfo/s/screen
./etc/terminfo/s/screen-w
./etc/terminfo/s/sun
./etc/terminfo/v
./etc/terminfo/v/vt100
./etc/terminfo/v/vt102
./etc/terminfo/v/vt220
./etc/terminfo/v/vt52
./etc/terminfo/x
./etc/terminfo/x/xterm
./etc/terminfo/x/xterm-xfree86
./etc/terminfo/x/xterm-debian
./etc/terminfo/x/xterm-basic
./etc/terminfo/x/xterm-mono
./etc/terminfo/x/xterm-r5
./etc/terminfo/x/xterm-color
./etc/terminfo/x/xterm-r6
./etc/terminfo/x/xterm-vt220
./etc/terminfo/m
./etc/terminfo/m/mach-bold
./etc/terminfo/m/mach
./etc/terminfo/m/mach-color
./etc/terminfo/p
./etc/terminfo/p/pcansi
./etc/passwd




-- 
Easter-eggs - GNU/Linux specialist
44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED] - http://www.easter-eggs.com



