#1  
Old 13th July 2007, 13:30
kristaps kristaps is offline
Junior Member
 
Join Date: Jul 2006
Posts: 27
Thanks: 0
Thanked 2 Times in 2 Posts
Default SuSE chroot

Hi,

I fallowed chroot manual for debian.

With small modifications from forum I founded I can copy all what is needed for SuSE

If I’m starting this “chroot /home/chroot/ /bin/bash”
Then I’m receiving chrooted bach

With this one its not working “chroot /home/chroot/./home/testuser/ /bin/bash”
Saying: “chroot: cannot run command `/bin/bash': No such file or directory”
(I think that it should by that way)

Problems:
When I open ssh and type wrong credentials it works like expected – log is saying that password is wrong

When I type write credentials for normal log level it closes ssh connection with log level DEBUG3

I receive this:

Quote:
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: Accepted keyboard-interactive/pam for testuser from XX.XXX.XXX.XXX port 1548 ssh2
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug1: monitor_child_preauth: testuser has been authenticated by privileged process
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_get_keystate: Waiting for new keys
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_request_receive_expect entering: type 24
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_request_receive entering
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_newkeys_from_blob: 0x80a85b0(139)
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug2: mac_init: found hmac-sha1
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_get_keystate: Waiting for second key
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_newkeys_from_blob: 0x80a85b0(139)
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug2: mac_init: found hmac-sha1
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_get_keystate: Getting compression state
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_get_keystate: Getting Network I/O buffers
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_share_sync: Share sync
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_share_sync: Share sync end
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug2: User child is on pid 4591
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_request_receive entering
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: monitor_read: checking request 25
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_answer_pty entering
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug1: session_new: init
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug1: session_new: session 0
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_request_send entering: type 26
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_answer_pty: tty /dev/pts/5 ptyfd 4
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_request_receive entering
Reply With Quote
Sponsored Links
  #2  
Old 14th July 2007, 10:23
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

If you want to use chrooting in ISPConfig, you must enable it in /home/admispconfig/ispconfig/lib/config.inc.php, then every new or updated user is chrooted automatically. You do not have to create the chroot jail manually.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 14th July 2007, 21:55
kristaps kristaps is offline
Junior Member
 
Join Date: Jul 2006
Posts: 27
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Hi,

Im not creating chroot manualy it whose just for debuging

Now I have new error at the end:

│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_request_send entering: type 26 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_answer_pty: tty /dev/pts/1 ptyfd 4 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_request_receive entering │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: monitor_read: checking request 27 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_answer_pty_cleanup entering │
│Jul 14 22:35:53 server1 sshd[11818]: debug1: session_by_tty: session 0 tty /dev/pts/1 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_session_close: session 0 pid 11823 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_session_close: tty /dev/pts/1 ptyfd 4 │
│Jul 14 22:35:53 server1 sshd[11818]: debug1: session_pty_cleanup: session 0 release /dev/pts/1 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_request_receive entering │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: monitor_read: checking request 58 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_answer_term: tearing down sessions │
│Jul 14 22:35:55 server1 sshd[6589]: debug2: channel 0: rcvd adjust 8268 │
│Jul 14 22:35:57 server1 sshd[6589]: debug2: channel 0: rcvd adjust 8609
Reply With Quote
  #4  
Old 16th July 2007, 09:39
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Please enable chrooting in /home/admispconfig/ispconfig/lib/config.inc.php and create a new user in ISPConfig and try to login with this user.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 16th July 2007, 09:56
kristaps kristaps is offline
Junior Member
 
Join Date: Jul 2006
Posts: 27
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Hi,

Yes its already don bat when I’m connecting with that user and entering correct password ssh session is closing and I’m receiving log witch you can see in my previous post.

I think that its related with SuSE bat my skill is not so god to think it auth and log from ssh is not helping at all.

It seems that everything is at place chroot files are created I even can make chroot from local machine bat it’s not working thru ssh

Mea by someone more experience can point my to direction where I mast look because I’m auth of ideas.
Reply With Quote
  #6  
Old 18th July 2007, 13:58
kristaps kristaps is offline
Junior Member
 
Join Date: Jul 2006
Posts: 27
Thanks: 0
Thanked 2 Times in 2 Posts
Default

I solved this problem by creating secure telnet only for localhost connections only.
Reply With Quote
  #7  
Old 20th July 2007, 15:42
rafael-ec rafael-ec is offline
Member
 
Join Date: Jul 2007
Posts: 57
Thanks: 15
Thanked 6 Times in 4 Posts
 
Default

Quote:
Originally Posted by till
If you want to use chrooting in ISPConfig, you must enable it in /home/admispconfig/ispconfig/lib/config.inc.php, then every new or updated user is chrooted automatically. You do not have to create the chroot jail manually.
Would this cause any effect on the other websites I had created before? I like the chroot idea, but before testing, I thinks is save to ask I am not going to mess things up.

Thanks.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ispconfig on suse 10.1 and fedora core 5 dimas Installation/Configuration 1 13th August 2006 19:52
Updating of the SUSE 9.3 system bogdinator Installation/Configuration 1 7th March 2006 13:45
ssh chroot works, but no scp for chroot users zokahn HOWTO-Related Questions 5 30th January 2006 09:33
Which Apt files to use for Suse 10.0 ? (perfect Suse 9.3) alphenit HOWTO-Related Questions 4 17th January 2006 13:37
Suse 9.3 - Setting up the basics (File and Print Services) creativehook Suggest HOWTO 1 16th October 2005 20:50


All times are GMT +2. The time now is 12:54.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.