ISPConfig 3.1.13 on Debian 9 Stretch - non-root ssh users immediately disconnected

Discussion in 'ISPConfig 3 Priority Support' started by macguru, Aug 28, 2018.

  1. macguru

    macguru Member HowtoForge Supporter

    Hi !
    I've got a strange issue recently, not sure after what it started happening, either the update to 3.1.13 or the latest updates of Debian Stretch.
    Non-root ssh users are immediately disconnected. I suspect this could be somehow related to jailkit but I'm not sure. Root user can connect just fine.
    tail -n 10000 auth.log | grep client_ssh_login
    Aug 28 18:46:35 mail sshd[31261]: Accepted password for client_ssh_login from ip1.xx.xx.xx port yyy ssh2
    Aug 28 18:46:35 mail sshd[31261]: pam_unix(sshd:session): session opened for user client_ssh_login by (uid=0)
    Aug 28 18:46:35 mail sshd[31261]: pam_unix(sshd:session): session closed for user client_ssh_login


    This is really strange. Especially taking into account that port yyy every time is different, and is in 4xxxxx range which I don't use at all.
    Server is in DMZ zone after router/firewall. All other services running fine.
    What could be the problem?
    Thanks in advance.
     
    Last edited: Aug 28, 2018
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Try running the ssh session with -vvv to get more verbose output. Like so:
    Code:
    ssh -vvv user@something.domain.tld
    Then try to su to the ssh user as root: log in as root and
    Code:
    su - user
     
  3. macguru

    macguru Member HowtoForge Supporter

    After successful login:

    Last login: Tue Aug 28 18:47:12 2018 from ip.xx.xx.xx
    debug3: receive packet: type 96
    debug2: channel 0: rcvd eof
    debug2: channel 0: output open -> drain
    debug2: channel 0: obuf empty
    debug2: channel 0: close_write
    debug2: channel 0: output drain -> closed
    debug3: receive packet: type 98
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug3: receive packet: type 98
    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
    debug2: channel 0: rcvd eow
    debug2: channel 0: close_read
    debug2: channel 0: input open -> closed
    debug3: receive packet: type 97
    debug2: channel 0: rcvd close
    debug3: channel 0: will not send data after close
    debug2: channel 0: almost dead
    debug2: channel 0: gc: notify user
    debug2: channel 0: gc: user detached
    debug2: channel 0: send close
    debug3: send packet: type 97
    debug2: channel 0: is dead
    debug2: channel 0: garbage collecting
    debug1: channel 0: free: client-session, nchannels 1
    debug3: channel 0: status: The following connections are open:
    #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)

    debug3: send packet: type 1
    Connection to ip1.xx.xx.xx closed.
    Transferred: sent 2200, received 2696 bytes, in 0.1 seconds
    Bytes per second: sent 15360.3, received 18823.4
    debug1: Exit status 53
     
  4. macguru

    macguru Member HowtoForge Supporter

    After login, I can't su to ISPConfig shell user client_ssh_login, it simply does nothing (no error messages) and I remain root.
    su wrong_user results in
    No passwd entry for user 'wrong_user'
    Maybe I should use webxx user instead?
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Yes, you can try to su to the web user. In regard to the external shell user login, please take a look at the /etc/passwd file and post the line that you find there for that user.
     
  6. macguru

    macguru Member HowtoForge Supporter

    client_ssh_login:x:5005:5005::/var/www/clients/client1/web10/./home/client_ssh_login:/usr/sbin/jk_chrootsh

    BTW, su webxx also results in nothing. No error message, it just doesn't work without any message.
     
  7. macguru

    macguru Member HowtoForge Supporter

    I removed the chroot shell jailkit option in the web control panel, no change.
    Created another carbon copy shell user, login terminated instantly.
    Reinstalled jailkit, all the same.

    Path is correct
    /var/www/clients/client1/web10/
    Quite strange, I can su in another web user without problem.
     
    Last edited: Aug 29, 2018
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    The line from passwd file looks fine for a jailed user.

    So su'ing into this web user fails while su'ing into another web user works? Then the web[ID] user might be missing or damaged. Please check if the web user exists in passwd and shadow file and that its uid (5005) is the same as the one of the client_ssh_login user.
     
  9. macguru

    macguru Member HowtoForge Supporter

    su from root works neither to web10 nor to client_ssh_login, path in /etc/passwd is correct.
    su to another web user works.
    web10:x:5005:5005::/var/www/clients/client1/web10/./home/web10:/usr/sbin/jk_chrootsh
    client_ssh_login:x:5005:5005::/var/www/clients/client1/web10/home/client_ssh_login:/usr/sbin/jk_chrootsh
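
The passwd checks suggested in this thread (same uid as the web user, a well-formed jailed home field), written as an added example that is not part of any post. jk_chrootsh takes the jail root from the part of the home field before `/./`, so an entry that keeps that shell without the marker is flagged. The web8 and demo_ssh lines, and the rule that the jail directory is named after the web user, are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Passwd-format sample: the first two
# lines are the entries posted above; the web8 and demo_ssh lines are
# constructed (their uids are made up for illustration).
sample_passwd() {
cat <<'EOF'
web10:x:5005:5005::/var/www/clients/client1/web10/./home/web10:/usr/sbin/jk_chrootsh
client_ssh_login:x:5005:5005::/var/www/clients/client1/web10/home/client_ssh_login:/usr/sbin/jk_chrootsh
web8:x:5003:5005::/var/www/clients/client1/web8/./home/web8:/usr/sbin/jk_chrootsh
demo_ssh:x:5009:5005::/var/www/clients/client1/web8/./home/demo_ssh:/usr/sbin/jk_chrootsh
EOF
}

# Read passwd lines on stdin; print one finding per line, sorted.
check_jail_users() {
    awk -F: '
    { uid[$1] = $3 }                       # remember every account uid
    $7 ~ /\/jk_chrootsh$/ {
        n = index($6, "/./")               # jail root ends at the /./ marker
        if (n == 0) { print "NO_JAIL_MARKER " $1; next }
        # Assumption: the jail directory is named after the web user (webN).
        m = split(substr($6, 1, n - 1), part, "/")
        web[$1] = part[m]
    }
    END {
        for (u in web) {
            w = web[u]
            if (!(w in uid))           print "MISSING_WEB_USER " u " " w
            else if (uid[w] != uid[u]) print "UID_MISMATCH " u " " w
        }
    }' | LC_ALL=C sort
}

sample_passwd | check_jail_users
```

On a live host the same function can be fed the real file with `check_jail_users < /etc/passwd`.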
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Does the home directory exist and is readable by the user?
     
  11. macguru

    macguru Member HowtoForge Supporter

    cd /var/www/clients/client1
    ls -la
    drwxr-xr-x 20 root root 4096 Apr 1 00:04 web10
    drwxr-xr-x 19 root root 4096 Aug 29 10:16 web8
    su to web8 works, to web10 doesn't.
     
  12. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Those are not home directories for ssh users.
    Code:
    ls -lh /var/www/clients/client1/web10/
    Code:
    ls -lh /var/www/clients/client1/web8/
     
  13. macguru

    macguru Member HowtoForge Supporter

    ls -lh /var/www/clients/client1/web10/

    drwxr-xr-x 2 web10 client1 4.0K Apr 1 00:04 backup
    drwxr-xr-x 2 web10 client1 4.0K Mar 29 13:14 bin
    drwxr-xr-x 2 web10 client1 4.0K May 22 2017 cgi-bin
    drwxr-xr-x 2 web10 client1 4.0K Aug 29 10:11 dev
    drwxr-xr-x 6 web10 client1 4.0K Mar 29 13:14 etc
    drwxr-xr-x 5 root root 4.0K Aug 29 10:17 home
    drwxr-xr-x 4 web10 client1 4.0K Mar 29 13:14 lib
    drwxr-xr-x 2 web10 client1 4.0K Mar 29 13:14 lib64
    drwxr-xr-x 2 root root 4.0K Aug 29 00:05 log
    drwx--x--- 2 web10 client1 4.0K May 22 2017 private
    drwxr-xr-x 3 web10 client1 4.0K Mar 29 13:14 run
    drwxr-xr-x 2 root root 4.0K Mar 29 13:14 ssl
    drwxrwxrwx 2 web10 client1 4.0K May 8 15:48 tmp
    drwxr-xr-x 6 web10 client1 4.0K Mar 29 13:14 usr
    drwxr-xr-x 2 web10 client1 4.0K Mar 29 13:14 var
    drwx--x--x 18 web10 client1 4.0K Mar 29 13:17 web
    drwx--x--- 2 web10 client1 4.0K Mar 29 13:14 webdav

    ls -lh /var/www/clients/client1/web10/home/
    drwxr-x--- 6 web10 client1 4.0K Aug 29 10:18 client_ssh_login
    drwxr-x--- 2 web10 client1 4.0K Jan 18 2018 web10

    Strangely enough, the same client_ssh_login directory also exists in
    ls -lh /var/www/clients/client1/web8/home/
    drwxr-x--- 4 web8 client1 4.0K Jan 18 2018 client_ssh_login
    drwxr-x--- 2 web8 client1 4.0K Aug 29 11:46 web8
     
  14. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Directory web10/home is owned by root:root. Use
    Code:
    chown web10:client1 web10/home
    And use code block when you paste listings, makes it easier to read.
     
  15. macguru

    macguru Member HowtoForge Supporter

    Did chown as above, restarted ssh service, nothing changed.
    Probably have to completely delete all stuff related to this user.

    Made another shell user with jailkit, it logs in successfully. Really strange glitch.
     
  16. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Did you check owner of files in home/ directory? Recursively and also hidden files?
     
  17. macguru

    macguru Member HowtoForge Supporter

    I wiped out all the problematic stuff, and recreated it again.
    It's really strange, I didn't change anything of that web10 user for months, only the web programmer uploaded some stuff about 2 months ago (he used chrooted shell access).
     