Re: Login attempt for nonexistent user
Hi Matt,
Yes you are right, with strace i see missing files :
03 open("/usr/lib/libnss_compat.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No
such file or directory)
103 stat64("/usr/lib", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
103 open("/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such
file or directory)
103 open("/usr/lib/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No
such file or directory)
I build glibc-2.22 and install lib in my UDOO's rootfs
After that, dropbear is working nice :
118 open("/usr/lib/libnss_compat.so.2", O_RDONLY|O_CLOEXEC) = 7
118 read(7,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0x\r\0\0004\0\0\0T\257\1\0\2\4\0\0054\0"...,
512) = 512
118 fstat64(7, {st_mode=S_IFREG|0755, st_size=111940, ...}) = 0
118 mmap2(NULL, 86620, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 7, 0)
= 0x76d6
118 mprotect(0x76d64000, 65536, PROT_NONE) = 0
118 mmap2(0x76d74000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 7, 0x4000) = 0x76d74000
118 close(7) = 0
Thanks a lot Matt
I just have one question about dropbear_dss_host_key & dropbear_rsa_host_key
I don't why we need to generate these keys ?
We normally only need public key from client in authorized_key file ?
Have a nice week
Laurent
Le mercredi 31 octobre 2018 à 14:35:44 UTC+1, Matt Johnston a
écrit :
Hi Laurent,
My best guess is that it was built on lubuntu which uses glibc, but the Udoo
board doesn't have the required /lib/somewhere/libnss*.so libraries - those get
chosen at runtime based on /etc/nsswitch.conf. Building using a uclibc cross
compiler would avoid that - how did you build it? Also which distribution does
Udoo use?
If you can install strace on the Udoo board you can see what files are being
tried with
strace -f -F -o logfile -s 300 dropbear -vFE
Cheers,
Matt
> On Tue 30/10/2018, at 5:28 pm, Laurent Bourdel wrote:
>
>
>
>
> with correct subject :
>
> Hi,I fail to login with ssh client to dropboxI use Udoo ARM board with
> busybox to install ssh serverI cross compiled dropbear under VirtualBox
> lubuntu and install binary to board ( /bin & /sbin)I generate RSA key
> (ssh-keygen -t rsa ) under lubuntu and copied content to
> /home/root/.ssh/authorized_keys on Udoo boardI run on Udoo board : dropbear
> -vFEOn VM lubuntu : ssh -vvv root@192.168.0.2I add trace on dropbear sources
> and found problem come with function getpwnam to read /etc/password with
> errno=0;pw = getpwnam(username);dropbear_log(LOG_WARNING,"LBR %s %d
> %s",__FILE__ ,__LINE__, strerror(errno));if (!pw) {return;}[157] Jan 01
> 01:06:50 LBR common-session.c 595 No such file or directory
Re: Login attempt for nonexistent user
Hi Laurent,
My best guess is that it was built on lubuntu which uses glibc, but the Udoo
board doesn't have the required /lib/somewhere/libnss*.so libraries - those get
chosen at runtime based on /etc/nsswitch.conf. Building using a uclibc cross
compiler would avoid that - how did you build it? Also which distribution does
Udoo use?
If you can install strace on the Udoo board you can see what files are being
tried with
strace -f -F -o logfile -s 300 dropbear -vFE
Cheers,
Matt
> On Tue 30/10/2018, at 5:28 pm, Laurent Bourdel wrote:
>
>
> with correct subject :
>
> Hi,
>
> I fail to login with ssh client to dropbox
>
> I use Udoo ARM board with busybox to install ssh server
>
> I cross compiled dropbear under VirtualBox lubuntu and install binary to
> board ( /bin & /sbin)
>
> I generate RSA key (ssh-keygen -t rsa ) under lubuntu and copied content to
> /home/root/.ssh/authorized_keys on Udoo board
>
> I run on Udoo board : dropbear -vFE
>
> On VM lubuntu : ssh -vvv root@192.168.0.2
>
> I add trace on dropbear sources and found problem come with function getpwnam
> to read /etc/password with
>
> errno=0;
> pw = getpwnam(username);
>
> dropbear_log(LOG_WARNING,"LBR %s %d %s",__FILE__ ,__LINE__, strerror(errno));
> if (!pw) {
> return;
> }
>
> [157] Jan 01 01:06:50 LBR common-session.c 595 No such file or directory
Re: Login attempt for nonexistent user on Alpine Linux
* Hugo Genesse [2017-12-01 18:57:02 +]: > > -vvv on dropbear doesn't seem to be a valid option: > > 67b4c38f79c6:/usr/lib# /root/dropbear -R -E -vvv > Invalid option -v > > Is my command correct? > ah -v is only supported if dropbear is built with CFLAGS=-DDEBUG_TRACE
Re: Login attempt for nonexistent user on Alpine Linux
-vvv on dropbear doesn't seem to be a valid option: 67b4c38f79c6:/usr/lib# /root/dropbear -R -E -vvv Invalid option -v Is my command correct? Szabolcs Nagy a écrit : * Hugo Genesse [2017-12-01 17:07:25 +]: First, thanks for your replies. I created another account: admin:x:100:65533:Linux User,,,:/home/admin:/bin/ash Here is the output of with -vvv: you added -vvv on the client side instead of the server where the problem is... debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password admin@127.0.0.1's password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password Permission denied, please try again. admin@127.0.0.1's password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password Permission denied, please try again. admin@127.0.0.1's password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug2: we did not send a packet, disable method debug1: No more authentication methods to try. admin@127.0.0.1: Permission denied (publickey,password). and in the dropbear logs I still get: [67] Dec 01 17:03:47 Child connection from :40878 [67] Dec 01 17:03:47 Login attempt for nonexistent user from [...] make it more verbose, you will see what part of the user lookup fails. I saw that I could create a configuration file in /etc/dropbear to allow root logins by it seems to be enabled by default and I would prefer just drop a binary on the device to enable ssh without changes to the system. Here is the openwrt page I'm referring: https://wiki.openwrt.org/doc/uci/dropbear Thanks! "Daniel." a écrit : > Can you log in with another user? The root login may be disabled by > security reasons. > > 2017-12-01 13:01 GMT-02:00 Szabolcs Nagy : > > > * Hugo Genesse [2017-12-01 04:51:08 +]: > > > I've been trying to use dropbear (compiled myself statically with > > > ./configure; make STATIC=1) on a Alpine Linux Docker container (Linux > > > 4.13.12-1-ARCH) with the latest Alpine Docker image (3.6 if I'm not > > > mistaken). I run dropbear like this: "./dropbear -R" and can't login with > > > proper credentials. With the "-E" switch I get the following: > > > > > > /root/dropbear -R -E > > > [59] Dec 01 04:31:32 Running in background > > > [60] Dec 01 04:31:36 Child connection from > > > [60] Dec 01 04:31:36 Login attempt for nonexistent user from > > > > > > > i think you can use -vvv to see more detailed debug messages > > > > > > -- > “If you're going to try, go all the way. Otherwise, don't even start. ..." > Charles Bukowski
Re: Login attempt for nonexistent user on Alpine Linux
* Matt Johnston [2017-12-01 16:53:33 +]: > Statically linking glibc isn't sufficient to make it's not glibc if it's on alpine linux
Re: Login attempt for nonexistent user on Alpine Linux
* Hugo Genesse [2017-12-01 17:07:25 +]: > > First, thanks for your replies. I created another account: > > admin:x:100:65533:Linux User,,,:/home/admin:/bin/ash > > Here is the output of with -vvv: > you added -vvv on the client side instead of the server where the problem is... > debug3: authmethod_lookup password > debug3: remaining preferred: ,password > debug3: authmethod_is_enabled password > debug1: Next authentication method: password > admin@127.0.0.1's password: > debug3: send packet: type 50 > debug2: we sent a password packet, wait for reply > debug3: receive packet: type 51 > debug1: Authentications that can continue: publickey,password > Permission denied, please try again. > admin@127.0.0.1's password: > debug3: send packet: type 50 > debug2: we sent a password packet, wait for reply > debug3: receive packet: type 51 > debug1: Authentications that can continue: publickey,password > Permission denied, please try again. > admin@127.0.0.1's password: > debug3: send packet: type 50 > debug2: we sent a password packet, wait for reply > debug3: receive packet: type 51 > debug1: Authentications that can continue: publickey,password > debug2: we did not send a packet, disable method > debug1: No more authentication methods to try. > admin@127.0.0.1: Permission denied (publickey,password). > > and in the dropbear logs I still get: > > [67] Dec 01 17:03:47 Child connection from :40878 > [67] Dec 01 17:03:47 Login attempt for nonexistent user from > [...] > make it more verbose, you will see what part of the user lookup fails. > I saw that I could create a configuration file in /etc/dropbear to allow > root logins by it seems to be enabled by default and I would prefer just > drop a binary on the device to enable ssh without changes to the system. > Here is the openwrt page I'm referring: > https://wiki.openwrt.org/doc/uci/dropbear > > Thanks! > > "Daniel." a écrit : > > > Can you log in with another user? The root login may be disabled by > > security reasons. > > > > 2017-12-01 13:01 GMT-02:00 Szabolcs Nagy : > > > > > * Hugo Genesse [2017-12-01 04:51:08 +]: > > > > I've been trying to use dropbear (compiled myself statically with > > > > ./configure; make STATIC=1) on a Alpine Linux Docker container (Linux > > > > 4.13.12-1-ARCH) with the latest Alpine Docker image (3.6 if I'm not > > > > mistaken). I run dropbear like this: "./dropbear -R" and can't login > > > > with > > > > proper credentials. With the "-E" switch I get the following: > > > > > > > > /root/dropbear -R -E > > > > [59] Dec 01 04:31:32 Running in background > > > > [60] Dec 01 04:31:36 Child connection from > > > > [60] Dec 01 04:31:36 Login attempt for nonexistent user from > > > > > > > > > > i think you can use -vvv to see more detailed debug messages > > > > > > > > > > > -- > > “If you're going to try, go all the way. Otherwise, don't even start. ..." > > Charles Bukowski > >
Re: Login attempt for nonexistent user on Alpine Linux
Hi! First, thanks for your replies. I created another account: admin:x:100:65533:Linux User,,,:/home/admin:/bin/ash Here is the output of with -vvv: debug3: authmethod_lookup password debug3: remaining preferred: ,password debug3: authmethod_is_enabled password debug1: Next authentication method: password admin@127.0.0.1's password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password Permission denied, please try again. admin@127.0.0.1's password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password Permission denied, please try again. admin@127.0.0.1's password: debug3: send packet: type 50 debug2: we sent a password packet, wait for reply debug3: receive packet: type 51 debug1: Authentications that can continue: publickey,password debug2: we did not send a packet, disable method debug1: No more authentication methods to try. admin@127.0.0.1: Permission denied (publickey,password). and in the dropbear logs I still get: [67] Dec 01 17:03:47 Child connection from :40878 [67] Dec 01 17:03:47 Login attempt for nonexistent user from [...] I saw that I could create a configuration file in /etc/dropbear to allow root logins by it seems to be enabled by default and I would prefer just drop a binary on the device to enable ssh without changes to the system. Here is the openwrt page I'm referring: https://wiki.openwrt.org/doc/uci/dropbear Thanks! "Daniel." a écrit : Can you log in with another user? The root login may be disabled by security reasons. 2017-12-01 13:01 GMT-02:00 Szabolcs Nagy : * Hugo Genesse [2017-12-01 04:51:08 +]: > I've been trying to use dropbear (compiled myself statically with > ./configure; make STATIC=1) on a Alpine Linux Docker container (Linux > 4.13.12-1-ARCH) with the latest Alpine Docker image (3.6 if I'm not > mistaken). I run dropbear like this: "./dropbear -R" and can't login with > proper credentials. With the "-E" switch I get the following: > > /root/dropbear -R -E > [59] Dec 01 04:31:32 Running in background > [60] Dec 01 04:31:36 Child connection from > [60] Dec 01 04:31:36 Login attempt for nonexistent user from > i think you can use -vvv to see more detailed debug messages -- “If you're going to try, go all the way. Otherwise, don't even start. ..." Charles Bukowski
Re: Login attempt for nonexistent user on Alpine Linux
Hi Hugo, Statically linking glibc isn't sufficient to make it standalone, you need to copy the libnss libraries - glibc looks for those at runtime. Another option is to build against musl libc instead. Cheers, Matt On 1 December 2017 12:51:08 pm AWST, Hugo Genesse wrote: > >Hi! > >I've been trying to use dropbear (compiled myself statically with >./configure; make STATIC=1) on a Alpine Linux Docker container (Linux >4.13.12-1-ARCH) with the latest Alpine Docker image (3.6 if I'm not >mistaken). I run dropbear like this: "./dropbear -R" and can't login >with proper credentials. With the "-E" switch I get the following: > > /root/dropbear -R -E >[59] Dec 01 04:31:32 Running in background >[60] Dec 01 04:31:36 Child connection from >[60] Dec 01 04:31:36 Login attempt for nonexistent user from > >My credentials are right and the command to connect is: "ssh >root@127.0.0.1" (the port is properly forwarded to the container). >With the ssh client verbose option I get: > >debug1: Next authentication method: password >root@127.0.0.1's password: >debug1: Authentications that can continue: publickey,password >Permission denied, please try again. >root@127.0.0.1's password: >debug1: Authentications that can continue: publickey,password >Permission denied, please try again. >root@127.0.0.1's password: >debug1: Authentications that can continue: publickey,password >debug1: No more authentication methods to try. >root@127.0.0.1: Permission denied (publickey,password). > >and the root account exists as you can see here: > >cat /etc/passwd >root:x:0:0:root:/root:/bin/ash >[...] > >I've seen issues that seem similar on the web: >https://lists.debian.org/debian-arm/2012/06/msg00056.html >The ones I found were fixed by copying libnss to another location but >shouldn't a statically dropbear already solve this problem? > >I also have telnet activated and I can login with root (don't worry >this won't be put into production, it is for demonstration purposes >only). > >Is there any other things I should check or modify to be able to login > >with dropbear? > >Thanks!
Re: Login attempt for nonexistent user on Alpine Linux
Can you log in with another user? The root login may be disabled by security reasons. 2017-12-01 13:01 GMT-02:00 Szabolcs Nagy : > * Hugo Genesse [2017-12-01 04:51:08 +]: > > I've been trying to use dropbear (compiled myself statically with > > ./configure; make STATIC=1) on a Alpine Linux Docker container (Linux > > 4.13.12-1-ARCH) with the latest Alpine Docker image (3.6 if I'm not > > mistaken). I run dropbear like this: "./dropbear -R" and can't login with > > proper credentials. With the "-E" switch I get the following: > > > > /root/dropbear -R -E > > [59] Dec 01 04:31:32 Running in background > > [60] Dec 01 04:31:36 Child connection from > > [60] Dec 01 04:31:36 Login attempt for nonexistent user from > > > > i think you can use -vvv to see more detailed debug messages > -- “If you're going to try, go all the way. Otherwise, don't even start. ..." Charles Bukowski
Re: Login attempt for nonexistent user on Alpine Linux
* Hugo Genesse [2017-12-01 04:51:08 +]: > I've been trying to use dropbear (compiled myself statically with > ./configure; make STATIC=1) on a Alpine Linux Docker container (Linux > 4.13.12-1-ARCH) with the latest Alpine Docker image (3.6 if I'm not > mistaken). I run dropbear like this: "./dropbear -R" and can't login with > proper credentials. With the "-E" switch I get the following: > > /root/dropbear -R -E > [59] Dec 01 04:31:32 Running in background > [60] Dec 01 04:31:36 Child connection from > [60] Dec 01 04:31:36 Login attempt for nonexistent user from > i think you can use -vvv to see more detailed debug messages
RE: Login attempt for nonexistent user
> Dropbear starts up fine with dropbear -E. But when I try to log in, dropbear > complains: > Login attempt for nonexistent user from 192.168.211.1:3186 Ok, I found the solution myself. Basically, libnsl is needed as well, in addition to libnss. Just in case anyone else stumbles over the same issue, here is the minimal set of libraries that are needed: ld-linux.so.2 libc.so.6 libcrypt.so.1 libm.so.6 libnsl.so.1 libnss_compat.so.2 libutil.so.1 libz.so.1 Cheers, Chris
Re: login attempt for nonexistent user
Luciano Miguel Ferreira Rocha wrote: On Mon, Mar 19, 2007 at 05:14:36PM +0100, Andre Haupt wrote: Hi all, I am using dropbear on an embedded arm board. I compiled with MULTI=1. I start the server with ./dropbear as root. When i try to connect with ssh [EMAIL PROTECTED] a login prompt appears. The password i enter at the prompt is not accepted by dropbear. It complains with the following error message in /var/log/messages: login attempt for nonexistent user from 192.168.0.3:32804 I am pretty sure the user root exists as i login via serial console as such. Telnet does work too, whereas i have similar problems to get bftpd to work. Check if you have /etc/nsswitch.conf and /lib/libnss_*. That was *exactly* the cause of my problems. Thank you so much! Best regards, Abdre
Re: login attempt for nonexistent user
On Mon, Mar 19, 2007 at 05:14:36PM +0100, Andre Haupt wrote: > Hi all, > > I am using dropbear on an embedded arm board. I compiled with MULTI=1. > > I start the server with ./dropbear as root. > > When i try to connect with ssh [EMAIL PROTECTED] a login prompt appears. > The password i enter at the prompt is not accepted by dropbear. > It complains with the following error message in /var/log/messages: > > login attempt for nonexistent user from 192.168.0.3:32804 > > I am pretty sure the user root exists as i login via serial console as > such. Telnet does work too, whereas i have similar problems to get bftpd > to work. > Check if you have /etc/nsswitch.conf and /lib/libnss_*. -- lfr 0/0 pgpGO5VzAlDrT.pgp Description: PGP signature
