HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


kafmil 14th June 2012 08:56

Chrooted SSH
 
I have followed the instructions here, http://www.howtoforge.com/restrictin...debian-squeeze (and many many others) but can't seem to get this working. As soon as I add
Code:

Match User sshuser
      ChrootDirectory /chrootdir
      X11Forwarding no
      AllowTcpForwarding no

I get the errors below when I try to SSH in. I am running CentOS 6. make_chroot_jail says I am missing a couple of libraries, but from what I have read they are 32-bit; I am running 64-bit. I just can't find anything useful on these errors.
Code:

sshd[22]: Accepted password for sshuser from 123.456.789.012 port 1234 ssh2
sshd[22]: pam_unix(sshd:session): session opened for user sshuser by (uid=0)
sshd[22]: User child is on pid 27
sshd[27]: Changed root directory to "/chrootdir"
sshd[27]: error: mm_receive_fd: no message header
sshd[27]: fatal: mm_pty_allocate: receive fds failed
sshd[27]: error: buffer_get_ret: trying to get more bytes 1 than in buffer 0
sshd[27]: error: buffer_get_char_ret: buffer_get_ret failed
sshd[27]: fatal: buffer_get_char: buffer error
sshd[22]: fatal: mm_request_receive: read: Connection reset by peer
sshd[22]: pam_unix(sshd:session): session closed for user sshuser

Any ideas out there?

falko 15th June 2012 13:15

What's your OpenSSH version? AFAIR you need a version newer than 4.8.

Is this a physical server or a virtual machine? If it's a virtual machine, you might have to increase RAM a bit.

Another guess: is SELinux active?

kafmil 18th June 2012 10:03

SELinux
 
Looks like SELinux is the culprit, thanks. For some reason though, I get
Code:

su: user root does not exist

when I try to su to the root account. Root is there in the passwd and shadow file, so it should work.

I am also having a lot of hassles getting SELinux to let me through. I am not turning SELinux off; sshd access must be configurable somehow. I will post back here if I figure it out.
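
Added example, not written by any poster in this thread: a small triage script for the sshd log quoted in the first post. It ties the privilege-separated user child (pid 27) back to the monitor that accepted the login (pid 22) and reports whether the first error was logged by the child after "Changed root directory". The names `triage` and `failed_inside_chroot` are hypothetical, and treating the earliest error as the line to investigate is an assumption of this sketch.

```python
import re

# Constructed sample: the sshd lines quoted in the first post of this thread.
SAMPLE_LOG = '''\
sshd[22]: Accepted password for sshuser from 123.456.789.012 port 1234 ssh2
sshd[22]: pam_unix(sshd:session): session opened for user sshuser by (uid=0)
sshd[22]: User child is on pid 27
sshd[27]: Changed root directory to "/chrootdir"
sshd[27]: error: mm_receive_fd: no message header
sshd[27]: fatal: mm_pty_allocate: receive fds failed
sshd[27]: error: buffer_get_ret: trying to get more bytes 1 than in buffer 0
sshd[27]: error: buffer_get_char_ret: buffer_get_ret failed
sshd[27]: fatal: buffer_get_char: buffer error
sshd[22]: fatal: mm_request_receive: read: Connection reset by peer
sshd[22]: pam_unix(sshd:session): session closed for user sshuser
'''
LINE = re.compile(r"sshd\[(\d+)\]: (.*)")
ACCEPT = re.compile(r"Accepted \S+ for (\S+) from ")
CHILD = re.compile(r"User child is on pid (\d+)")
CHROOT = re.compile(r'Changed root directory to "([^"]+)"')

def triage(log_text):  # one record per login, keyed on the accepting monitor pid
    sessions, owner = {}, {}   # monitor pid -> record; any pid -> monitor pid
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        if (a := ACCEPT.match(msg)):
            owner[pid] = pid
            sessions[pid] = {"user": a.group(1), "child": None, "chroot": None,
                             "first_error": None, "fallout": 0}
            continue
        if pid not in owner:
            continue           # line from an sshd process we are not tracking
        s = sessions[owner[pid]]
        if (c := CHILD.match(msg)):
            s["child"] = int(c.group(1))
            owner[s["child"]] = owner[pid]   # child lines now map to this login
        elif (r := CHROOT.match(msg)):
            s["chroot"] = r.group(1)
        elif msg.startswith(("error:", "fatal:")):
            if s["first_error"] is None:
                s["first_error"] = (pid, msg)   # earliest failure: start here
            else:
                s["fallout"] += 1               # later lines are counted only
    return list(sessions.values())

def failed_inside_chroot(s):  # first error came from the child after it chrooted
    return bool(s["chroot"] and s["first_error"] and s["first_error"][0] == s["child"])
```

On the sample, the record points at `mm_receive_fd: no message header` from pid 27 inside `/chrootdir`; the remaining five error and fatal lines, including the monitor's "Connection reset by peer", are counted as fallout.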

