AIX 5.2 chroot Problem with the jail
From: aix5l (reto_schubnell_at_hotmail.com)
Date: 04/30/04
Date: 30 Apr 2004 02:14:07 -0700
Hi,
I've built the ssh environment with openssh-3.8p1-chroot and
openssl-0.9.7d.
I've also applied the patch of Akos Domjan,
but I couldn't build the jail.
What can be the problem?
root.system@aixlab
/home/testftp # egrep "root|testftp" etc/passwd
root:!:0:0::/root:/usr/bin/ksh
testftp:!:214:1::/testftp/./transfer:/usr/local/libexec/sftp-server
root.system@aixlab
/home/testftp # egrep "root|testftp" /etc/passwd
root:!:0:0::/root:/usr/bin/ksh
testftp:!:214:1::/home/testftp/./transfer:/usr/local/libexec/sftp-server
root.system@aixlab
/home/testftp # egrep "root|testftp" etc/group
system:!:0:root,svcagent
staff:*:1:invscout,ipsec,svcagent,cas,freeware,sshd,sftp,testftp
root.system@aixlab
/home/testftp # egrep "root|testftp" /etc/group
system:!:0:root,svcagent
staff:!:1:invscout,ipsec,svcagent,cas,freeware,sshd,sftp,testftp
When I connect with sftp in debug mode:
Server side:
/etc/rc.d/rc2.d # sshd -d -D
debug1: sshd version OpenSSH_3.6.1p2-CERT-patched
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 172.16.230.70.
Server listening on 172.16.230.70 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 172.16.230.94 port 33715
debug1: Client protocol version 1.5; client software version
OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat
OpenSSH_3.2*,OpenSSH_3.3*,OpenSSH_3.4*,OpenSSH_3.5*
debug1: Local version string SSH-1.99-OpenSSH_3.6.1p2-CERT-patched
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): A file
or directory in the path name does not exist.
debug1: Failed dlopen: /usr/krb5/lib/libkrb5.a(libkrb5.a.so): A file
or directory in the path name does not exist.
debug1: permanently_set_uid: 211/207
debug1: Sent 768 bit server key and 1024 bit host key.
debug1: Encryption type: 3des
debug1: Received session key; encryption turned on.
debug1: Installing crc compensation attack detector.
debug1: Attempting authentication for testftp.
Failed none for testftp from 172.16.230.94 port 33715debug1: rcvd
SSH_CMSG_AUTH_TIS
Failed challenge-response for testftp from 172.16.230.94 port 33715
Accepted password for testftp from 172.16.230.94 port 33715Accepted
password for testftp from 172.16.230.94 port 33715
debug1: monitor_child_preauth: testftp has been authenticated by
privileged process
debug1: permanently_set_uid: 214/1
debug1: session_new: init
debug1: session_new: session 0
debug1: Installing crc compensation attack detector.
debug1: Enabling compression at level 6.
debug1: Exec command '/usr/sbin/sftp-server'
debug1: Entering interactive session.
debug1: fd 9 setting O_NONBLOCK
debug1: fd 11 setting O_NONBLOCK
debug1: fd 8 setting O_NONBLOCK
debug1: fd 10 setting O_NONBLOCK
debug1: server_init_dispatch_13
debug1: server_init_dispatch_15
Client side:
root.system@aixweb
/root # sftp -vC1 testftp@aixlab
Connecting to aixlab...
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to aixlab [172.16.230.70] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.6.1p2-CERT-patched
debug1: match: OpenSSH_3.6.1p2-CERT-patched pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.4p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024
bits).
debug1: Host 'aixlab' is known and matches the RSA1 host key.
debug1: Found key in /root/.ssh/known_hosts:4
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Doing challenge response authentication.
debug1: No challenge.
debug1: Doing password authentication.
testftp@aixlab's password:
debug1: Requesting compression at level 6.
debug1: Enabling compression at level 6.
debug1: Sending command: /usr/sbin/sftp-server
debug1: Entering interactive session.
debug1: fd 0 setting O_NONBLOCK
Environment:
USER=testftp
LOGNAME=testftp
LOGIN=testftp
HOME=/home/testftp/./transfer
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/opt/nmon
MAIL=/var/spool/mail/testftp
SHELL=/usr/local/libexec/sftp-server
TZ=NFT-1DFT+1,M3.5.0/3:00,M10.5.0/3:00
SSH_CLIENT=172.16.230.94 33715 22
SSH_CONNECTION=172.16.230.94 33715 172.16.230.70 22
AUTHSTATE=compat
LANG=en_US
LOCPATH=/usr/lib/nls/loc
NLSPATH=/usr/lib/nls/msg/%L/%N:/usr/lib/nls/msg/%L/%N.cat
LC__FASTMSG=true
ODMDIR=/etc/objrepos
DOCUMENT_SERVER_MACHINE_NAME=localhost
DOCUMENT_SERVER_PORT=49213
CGI_DIRECTORY=/var/docsearch/cgi-bin
DOCUMENT_DIRECTORY=/usr/docsearch/html
IMQCONFIGSRV=/etc/IMNSearch
IMQCONFIGCL=/etc/IMNSearch/dbcshelp
sftp> pwd
Remote working directory: /home/testftp/transfer
sftp> dir
drwxr-xr-x 2 testftp staff 512 Apr 29 16:09 .
drwxr-xr-x 12 testftp staff 512 Apr 29 16:53 ..
sftp> cd /
sftp> dir
drwxr-xr-x 26 root system 1024 Apr 15 09:30 .
drwxr-xr-x 26 root system 1024 Apr 15 09:30 ..
drwx------ 2 root system 512 Apr 5 11:01 lost+found
drwxr-xr-x 30 root system 512 Apr 14 15:09 var
drwxrwxrwt 21 bin bin 10752 Apr 30 10:52 tmp
drwxr-xr-x 18 bin bin 512 Apr 28 14:45 home
drwxr-xr-x 5 root system 512 Apr 5 13:48 .dt
drwxr-xr-x 47 bin bin 1024 Apr 26 15:59 usr
lrwxrwxrwx 1 bin bin 8 Apr 5 11:01 lib
drwxr-x--- 2 root audit 512 Apr 16 2003 audit
drwxrwxr-x 5 root system 3584 Apr 30 00:00 dev
drwxr-xr-x 26 root system 3584 Apr 29 16:42 etc
lrwxrwxrwx 1 bin bin 5 Apr 5 11:01 u
drwxr-xr-x 131 bin bin 4096 Apr 26 16:01 lpp
drwxr-xr-x 2 bin bin 512 Apr 16 2003 mnt
drwxr-xr-x 12 root system 512 Apr 27 11:22 opt
dr-xr-xr-x 1 root system 0 Apr 30 10:52 proc
drwxr-xr-x 3 bin bin 512 Apr 5 11:05 sbin
lrwxrwxrwx 1 bin bin 8 Apr 5 11:01 bin
drwxr-sr-x 13 sys sys 1536 Apr 30 08:15 root
sftp> Connection to aixlab closed by remote host.
debug1: Transferred: stdin 202, stdout 4466, stderr 788 bytes in 71.1
seconds
debug1: Bytes per second: stdin 2.8, stdout 62.8, stderr 11.1
debug1: Exit status -1
debug1: compress outgoing: raw data 293, compressed 179, factor 0.61
debug1: compress incoming: raw data 5279, compressed 1930, factor 0.37
Where can I look for errors to see what I'm doing wrong?
Does anybody have experience in building a chroot jail on AIX?
(The user only needs to connect via sftp.)
I'm also interested in building an sftp server with logging enabled
(transfer / file modification).
Thanks
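
A check that can be run against the data in this post (an added example, not part of the original message and not code from the chroot patch): it splits the passwd home field at the `/./` marker and compares the version string in the `sshd -d` output with the version that was built. The function names are made up here, the sample strings are copied from the post, and reading `/./` as the separator between jail root and in-jail directory is an assumption about the patch's convention.

```shell
#!/bin/sh
# Added example. Sample strings are copied from the post; names are made up.
SAMPLE_PASSWD='testftp:!:214:1::/home/testftp/./transfer:/usr/local/libexec/sftp-server'
SAMPLE_LOG='debug1: sshd version OpenSSH_3.6.1p2-CERT-patched
debug1: private host key: #0 type 0 RSA1
debug1: Bind to port 22 on 172.16.230.70.'

# Split the home field (6th passwd field) at the "/./" marker.
# Assumed convention: text before the marker is the jail root, text after it
# is the directory entered inside the jail.
# Prints "<jail_root> <dir_in_jail>"; returns 1 if the marker is absent.
jail_split() {
    home=$(printf '%s\n' "$1" | awk -F: '{ print $6 }')
    case "$home" in
        */./*) printf '%s /%s\n' "${home%%/./*}" "${home#*/./}" ;;
        *)     return 1 ;;
    esac
}

# Print the version the daemon announces in `sshd -d` output read from stdin.
sshd_log_version() {
    sed -n 's/^debug1: sshd version \(.*\)$/\1/p' | head -n 1
}

# $1 = version that was built, $2 = passwd line, stdin = `sshd -d` output.
# Prints one line per mismatch; returns 0 only when there is none.
check_jail() {
    ver=$(sshd_log_version)
    findings=0
    case "$ver" in
        *"$1"*) ;;
        *) echo "VERSION: running sshd reports ${ver:-nothing}, built version was $1"
           findings=1 ;;
    esac
    if ! jail_split "$2" >/dev/null; then
        echo "HOME: no /./ marker in the home field, account would not be jailed"
        findings=1
    fi
    return "$findings"
}

printf '%s\n' "$SAMPLE_LOG" | check_jail 3.8p1 "$SAMPLE_PASSWD" || true
```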