SuSE chroot

[kristaps]

Hi,

I fallowed chroot manual for debian.

With small modifications from forum I founded I can copy all what is needed for SuSE

If I’m starting this “chroot /home/chroot/ /bin/bash”
Then I’m receiving chrooted bach

With this one its not working “chroot /home/chroot/./home/testuser/ /bin/bash”
Saying: “chroot: cannot run command `/bin/bash': No such file or directory”
(I think that it should by that way)

Problems:
When I open ssh and type wrong credentials it works like expected – log is saying that password is wrong

When I type write credentials for normal log level it closes ssh connection with log level DEBUG3

I receive this:

Quote:

/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: Accepted keyboard-interactive/pam for testuser from XX.XXX.XXX.XXX port 1548 ssh2
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug1: monitor_child_preauth: testuser has been authenticated by privileged process
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_get_keystate: Waiting for new keys
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_request_receive_expect entering: type 24
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_request_receive entering
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_newkeys_from_blob: 0x80a85b0(139)
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug2: mac_init: found hmac-sha1
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_get_keystate: Waiting for second key
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_newkeys_from_blob: 0x80a85b0(139)
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug2: mac_init: found hmac-sha1
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_get_keystate: Getting compression state
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_get_keystate: Getting Network I/O buffers
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_share_sync: Share sync
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_share_sync: Share sync end
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug2: User child is on pid 4591
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_request_receive entering
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: monitor_read: checking request 25
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_answer_pty entering
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug1: session_new: init
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug1: session_new: session 0
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_request_send entering: type 26
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_answer_pty: tty /dev/pts/5 ptyfd 4
/var/log/messages:Jul 13 14:24:15 server1 sshd[4588]: debug3: mm_request_receive entering

[till]

If you want to use chrooting in ISPConfig, you must enable it in /home/admispconfig/ispconfig/lib/config.inc.php, then every new or updated user is chrooted automatically. You do not have to create the chroot jail manually.

[kristaps]

Hi,

Im not creating chroot manualy it whose just for debuging

Now I have new error at the end:

│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_request_send entering: type 26 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_answer_pty: tty /dev/pts/1 ptyfd 4 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_request_receive entering │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: monitor_read: checking request 27 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_answer_pty_cleanup entering │
│Jul 14 22:35:53 server1 sshd[11818]: debug1: session_by_tty: session 0 tty /dev/pts/1 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_session_close: session 0 pid 11823 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_session_close: tty /dev/pts/1 ptyfd 4 │
│Jul 14 22:35:53 server1 sshd[11818]: debug1: session_pty_cleanup: session 0 release /dev/pts/1 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_request_receive entering │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: monitor_read: checking request 58 │
│Jul 14 22:35:53 server1 sshd[11818]: debug3: mm_answer_term: tearing down sessions │
│Jul 14 22:35:55 server1 sshd[6589]: debug2: channel 0: rcvd adjust 8268 │
│Jul 14 22:35:57 server1 sshd[6589]: debug2: channel 0: rcvd adjust 8609

[till]

Please enable chrooting in /home/admispconfig/ispconfig/lib/config.inc.php and create a new user in ISPConfig and try to login with this user.

[kristaps]

Hi,

Yes its already don bat when I’m connecting with that user and entering correct password ssh session is closing and I’m receiving log witch you can see in my previous post.

I think that its related with SuSE bat my skill is not so god to think it auth and log from ssh is not helping at all.

It seems that everything is at place chroot files are created I even can make chroot from local machine bat it’s not working thru ssh

Mea by someone more experience can point my to direction where I mast look because I’m auth of ideas.

[kristaps]

I solved this problem by creating secure telnet only for localhost connections only.

[rafael-ec]

Quote:

Originally Posted by till

If you want to use chrooting in ISPConfig, you must enable it in /home/admispconfig/ispconfig/lib/config.inc.php, then every new or updated user is chrooted automatically. You do not have to create the chroot jail manually.

Would this cause any effect on the other websites I had created before? I like the chroot idea, but before testing, I thinks is save to ask I am not going to mess things up.

Thanks.