
Thread: Howto create chrooted Openssh SFTP without shell access through rssh.

  1. #101
    Join Date
    May 2008
    Beans
    23

    Re: Howto create chrooted Openssh SFTP without shell access through rssh.

    Quote Originally Posted by cypher35
    FYI, this is much easier now that the openssh package in Intrepid is above version 4.8.

    rssh is no longer necessary.

    see: http://www.debian-administration.org/articles/590
    Actually, it is easier to get chroot with OpenSSH 4.9+ (5.1 on Ubuntu 8.10), however, you cannot set umask using this method.

    For whatever reason (I cannot seem to find why or a solution) the umask is always being set at root's umask, which is "umask 133" or "rw-r--r--".

    I'm trying to get it to allow groups to write any files uploaded as well... "rw-rw-r--" or "umask 113". However, I've googled several sources that have you making a script wrapper, or editing /etc/init.d/ssh to add the umask, etc.

    I've yet to get one of those to work, so I'm trying this out.

    My test case is transferring a txt file from Windows using WinSCP to my Ubuntu box. Every file I transfer ends up with "rw-r--r--". Even when I "sudo touch somefile.txt" I get the same thing.

    I'm trying rssh out to see if this will solve the problem. At least until they have some sort of default "umask" setting for OpenSSH via sftp.

  2. #102
    Join Date
    Jun 2009
    Beans
    4

    Re: Howto create chrooted Openssh SFTP without shell access through rssh.

    Hi,

    This is a great tutorial!

    I was able to set up sftp in a chrooted jail on intrepid and was running fine until after (I think) I upgraded to jaunty. Now, when I use WinSCP to access the system, I get the following error:

    "Connection has been unexpectedly closed. Server sent command exit status 1.
    Cannot initialize SFTP protocol. Is the host running a SFTP server?"

    Any help with getting this working again is much appreciated.

    Thanks
    Joe

  3. #103
    Join Date
    Jun 2009
    Beans
    4

    Re: Howto create chrooted Openssh SFTP without shell access through rssh.

    Never mind! I was able to get it working again. It seems the upgrade process reset the setuid root step. I reran the following step from the tutorial and everything is back to the way it was before! Joy! Hopefully this will help someone else with the same issue.



    In order for the chrooting process to work, "/usr/lib/rssh/rssh_chroot_helper" has to be setuid root. (Note: this path is relative to real root, not chroot root.) To setuid root, run the command:
    Code:
    sudo chmod u+s /usr/lib/rssh/rssh_chroot_helper

  4. #104
    Join Date
    Oct 2008
    Beans
    29

    Re: Howto create chrooted Openssh SFTP without shell access through rssh.

    Many thanks for this howto! One try and it works. Excellent work.

    I've one question though: Can I chroot a user to their own home folder? Because now they can read the whole chroot-folder, above their own home folder.

    Thanks in advance. Excellent post.

  5. #105
    Join Date
    Nov 2005
    Beans
    169
    Distro
    Ubuntu 6.06

    Re: Howto create chrooted Openssh SFTP without shell access through rssh.

    Quote Originally Posted by Stan*
    Many thanks for this howto! One try and it works. Excellent work.

    I've one question though: Can I chroot a user to their own home folder? Because now they can read the whole chroot-folder, above their own home folder.

    Thanks in advance. Excellent post.
    You're welcome. My answer is no and yes.

    No, you can't hide that stuff in the chroot folder from the user with the rssh setup. They need to be accessible in order for the setup to work. That said, the steps in the tutorial removed most, if not all, of the sensitive information from the files in the chroot folder and only kept the stuff necessary for operation.

    But yes, you can create an equivalent setup where only the user's home folder is accessible to the user. I just updated the main post for this thread with information on how to do this. (The reason why my original tutorial didn't take this new approach was because this new approach uses features that appeared after I wrote the original tutorial).

    Basically, you use the ChrootDirectory, ForceCommand, Match, and Subsystem keywords in your sshd_config to implement the same chrooted SFTP without a shell access for a user.

    I haven't tried it myself yet (and I probably won't be able to post a new Ubuntu tutorial myself since I'm using Gentoo Linux instead now), but there are many articles about how to do so; here are a few:
    -Jimmy

  6. #106

    Where the SFTP users will go

    I've seen this guide for chrooted SFTP, and I've learnt from a lot of tutorials like this. Here is my compendium to better configure clients and servers:

    http://wiki.lapipaplena.org/index.ph..._SFTP_accesses

    (special care of users and permissions)
    Narcis Garcia

  7. #107
    Join Date
    Mar 2007
    Location
    Berkeley, CA
    Beans
    17
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: Howto create chrooted Openssh SFTP without shell access through rssh.

    I realize that this is years old, but I just got mine working. I was having a problem similar to this one.

    My problem was in /etc/rssh.conf

    I had uncommented chrootpath = '/home/chroot'

    So I recommented that line, and badda bing.

    I didn't want to lock this guy into /home/chroot, I wanted him to be able to log into his /home/user dir, but not grant ssh access.




    Quote Originally Posted by juicybananahead
    Hi Jimmy,

    Got it working! For your own peace of mind, here's the information you were looking for:

    First, the verbose output of an sftp attempt.
    Code:
    user@ubuntubox:~$ sftp -v -v sft@localhost
    Connecting to localhost...
    OpenSSH_4.1p1 Debian-7ubuntu4.1, OpenSSL 0.9.7g 11 Apr 2005
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [127.0.0.1] port 22.
    debug1: Connection established.
    debug1: identity file /home/user/.ssh/id_rsa type -1
    debug1: identity file /home/user/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_4.1p1 Debian-7ubuntu4.1
    debug1: match: OpenSSH_4.1p1 Debian-7ubuntu4.1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.1p1 Debian-7ubuntu4.1
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 137/256
    debug2: bits set: 483/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'localhost' is known and matches the RSA host key.
    debug1: Found key in /home/user/.ssh/known_hosts:8
    debug2: bits set: 475/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: /home/user/.ssh/id_rsa ((nil))
    debug2: key: /home/user/.ssh/id_dsa ((nil))
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/user/.ssh/id_rsa
    debug1: Trying private key: /home/user/.ssh/id_dsa
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: password
    sft@localhost's password:
    debug2: we sent a password packet, wait for reply
    debug1: Authentication succeeded (password).
    debug2: fd 4 setting O_NONBLOCK
    debug1: channel 0: new [client-session]
    debug2: channel 0: send open
    debug1: Entering interactive session.
    debug2: callback start
    debug2: client_session2_setup: id 0
    debug1: Sending environment.
    debug1: Sending env LANG = en_GB.UTF-8
    debug2: channel 0: request env confirm 0
    debug1: Sending subsystem: sftp
    debug2: channel 0: request subsystem confirm 1
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 131072
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug2: channel 0: rcvd eof
    debug2: channel 0: output open -> drain
    debug2: channel 0: obuf empty
    debug2: channel 0: close_write
    debug2: channel 0: output drain -> closed
    debug2: channel 0: rcvd close
    debug2: channel 0: close_read
    debug2: channel 0: input open -> closed
    debug2: channel 0: almost dead
    debug2: channel 0: gc: notify user
    debug2: channel 0: gc: user detached
    debug2: channel 0: send close
    debug2: channel 0: is dead
    debug2: channel 0: garbage collecting
    debug1: channel 0: free: client-session, nchannels 1
    debug1: fd 0 clearing O_NONBLOCK
    debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.3 seconds
    debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
    debug1: Exit status 1
    Connection closed
    Second, the syslog entries for the sftp attempt.
    Code:
    user@ubuntubox:~$ sudo cat /var/log/syslog | tail -8
    Apr 16 23:34:16 localhost rssh[26642]: setting log facility to LOG_USER
    Apr 16 23:34:16 localhost rssh[26642]: allowing sftp to all users
    Apr 16 23:34:16 localhost rssh[26642]: setting umask to 022
    Apr 16 23:34:16 localhost rssh[26642]: chrooting all users to /home/chroot
    Apr 16 23:34:16 localhost rssh[26642]: chroot cmd line: /usr/lib/rssh/rssh_chroot_helper "/home/chroot" 2 "/home/sft" /usr/lib/sftp-server
    Apr 16 23:34:17 localhost rssh_chroot_helper[26642]: new session for sft, UID=1004
    Apr 16 23:34:17 localhost rssh_chroot_helper[26642]: could not cd to user's home dir: /home/sft
    Apr 16 23:34:17 localhost rssh_chroot_helper[26642]: execv() failed, /usr/lib/sftp-server: No such file or directory
    Alright, I first noticed that chrooted /home/sft (i.e. /home/chroot/home/sft) could not be cd'd to, so I created a directory like that but I didn't think that would have much of an effect... and right I was. Another failure to sftp. The syslog entries for this attempt:
    Code:
    user@ubuntubox:~$ sudo cat /var/log/syslog | tail -7
    Apr 16 23:45:29 localhost rssh[26982]: setting log facility to LOG_USER
    Apr 16 23:45:29 localhost rssh[26982]: allowing sftp to all users
    Apr 16 23:45:29 localhost rssh[26982]: setting umask to 022
    Apr 16 23:45:29 localhost rssh[26982]: chrooting all users to /home/chroot
    Apr 16 23:45:29 localhost rssh[26982]: chroot cmd line: /usr/lib/rssh/rssh_chroot_helper "/home/chroot" 2 "/home/sft" /usr/lib/sftp-server
    Apr 16 23:45:29 localhost rssh_chroot_helper[26982]: new session for sft, UID=1004
    Apr 16 23:45:29 localhost rssh_chroot_helper[26982]: execv() failed, /usr/lib/sftp-server: No such file or directory
    Okaaaay... now it's looking for /usr/lib/sftp-server (i.e. /home/chroot/usr/lib/sftp-server). Why is it looking for that? I thought it would be looking for /lib/sftp-server (i.e. /home/chroot/lib/sftp-server). Let's have a look at the entire contents of /home/chroot
    Code:
    user@ubuntubox:/home/chroot$ ls -lR
    .:
    total 20
    drwxr-xr-x  2 root root 4096 2006-04-16 07:40 dev
    drwxr-xr-x  2 root root 4096 2006-04-16 23:41 etc
    drwxr-xr-x  3 root root 4096 2006-04-16 23:41 home
    drwxr-xr-x  3 root root 4096 2006-04-16 23:45 lib
    drwxr-xr-x  4 root root 4096 2006-04-14 20:44 usr
    
    ./dev:
    total 0
    srw-rw-rw-  1 root root 0 2006-04-16 07:40 log
    
    ./etc:
    total 76
    -rw-r--r--  1 root root 56431 2006-04-14 20:44 ld.so.cache
    -rw-r--r--  1 root root    63 2006-04-14 20:44 ld.so.hwcappkgs
    -rw-r--r--  1 root root   465 2006-04-14 20:44 nsswitch.conf
    -rw-r--r--  1 root root    64 2006-04-16 23:41 passwd
    -rw-r--r--  1 root root    76 2006-04-16 23:33 passwd~
    
    ./home:
    total 4
    drwxr-xr-x  2 root root 4096 2006-04-16 23:41 sft
    
    ./home/sft:
    total 0
    
    ./lib:
    total 260
    -rwxr-xr-x  1 root root 88168 2006-04-14 20:47 ld-linux.so.2
    -rw-r--r--  1 root root 26332 2006-04-14 20:49 libnss_compat.so.2
    -rw-r--r--  1 root root 34268 2006-03-24 14:34 libnss_files-2.3.5.so
    lrwxrwxrwx  1 root root    21 2006-04-14 20:44 libnss_files.so.2 -> libnss_files-2.3.5.so
    -rw-r--r--  1 root root 68084 2006-04-14 20:44 libselinux.so.1
    -rwxr-xr-x  2 root root 27184 2006-04-14 20:44 sftp-server
    drwxr-xr-x  3 root root  4096 2006-04-14 20:44 tls
    
    ./lib/tls:
    total 4
    drwxr-xr-x  3 root root 4096 2006-04-14 20:44 i686
    
    ./lib/tls/i686:
    total 4
    drwxr-xr-x  2 root root 4096 2006-04-14 20:44 cmov
    
    ./lib/tls/i686/cmov:
    total 1408
    -rw-r--r--  1 root root   21864 2006-04-14 20:44 libcrypt.so.1
    -rw-r--r--  1 root root 1229936 2006-04-14 20:44 libc.so.6
    -rw-r--r--  1 root root    9580 2006-04-14 20:44 libdl.so.2
    -rw-r--r--  1 root root   76760 2006-04-14 20:44 libnsl.so.1
    -rw-r--r--  1 root root   67364 2006-04-14 20:44 libresolv.so.2
    -rw-r--r--  1 root root    9656 2006-04-14 20:44 libutil.so.1
    
    ./usr:
    total 8
    drwxr-xr-x  2 root root 4096 2006-04-14 20:44 bin
    drwxr-xr-x  5 root root 4096 2006-04-14 20:44 lib
    
    ./usr/bin:
    total 56
    -rwxr-xr-x  1 root root 18960 2006-04-14 20:44 rssh
    -rwxr-xr-x  1 root root 34884 2006-04-14 20:44 scp
    
    ./usr/lib:
    total 92
    drwxr-xr-x  3 root root  4096 2006-04-14 20:44 i686
    -rw-r--r--  1 root root 77208 2006-04-14 20:44 libz.so.1
    drwxr-xr-x  2 root root  4096 2006-04-14 20:44 openssh
    drwxr-xr-x  2 root root  4096 2006-04-14 20:44 rssh
    
    ./usr/lib/i686:
    total 4
    drwxr-xr-x  2 root root 4096 2006-04-14 20:44 cmov
    
    ./usr/lib/i686/cmov:
    total 1004
    -rw-r--r--  1 root root 1022224 2006-04-14 20:44 libcrypto.so.0.9.7
    
    ./usr/lib/openssh:
    total 28
    -rwxr-xr-x  2 root root 27184 2006-04-14 20:44 sftp-server
    
    ./usr/lib/rssh:
    total 8
    -rwsr-xr-x  1 root root 6680 2006-04-14 20:44 rssh_chroot_helper
    Right, sftp-server is present in /home/chroot/usr/lib/openssh and /home/chroot/lib/. Now, let's make a link in /home/chroot/usr/lib...
    Code:
    user@ubuntubox:/home/chroot$ sudo ln /home/chroot/usr/lib/openssh/sftp-server /home/chroot/usr/lib/
    And try to sftp in...
    Code:
    user@ubuntubox:~$ sftp sft@localhost
    Connecting to localhost...
    sft@localhost's password:
    sftp> pwd
    Remote working directory: /home/sft
    sftp> ls
    test.txt
    sftp> get test.txt
    Fetching /home/sft/test.txt to test.txt
    /home/sft/test.txt                            100%    6     0.0KB/s   00:00
    sftp> bye
    user@ubuntubox:~$ cat ./test.txt
    Successful sftp test!
    Ta-daa! I am honestly not sure what went wrong during setup - was it because my /etc/sshd_config points at /usr/lib/sftp-server as the location of sftp-server?
    Code:
    user@ubuntubox:~$ cat /etc/ssh/sshd_config | grep sftp
    Subsystem sftp /usr/lib/sftp-server
    Anyway, I'm just glad to get it working. Thanks for your help, Jimmy!

    // Dave

  8. #108

    Other chroot directories

    You can proceed as in my tutorial with OpenSSH, but setting chroot directory to the $HOME in /etc/ssh/sshd_config:

    Code:
    ChrootDirectory %h
    If this is only for 1 user (not for all SFTP-only), you can write a "Match" clause for him:
    Code:
    Match User myname
    With OpenSSH server 4.8 or above, you can avoid the RSSH patch.
    Narcis Garcia
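
Added example, not part of the post above or of OpenSSH: sshd_config(5) requires every component of a `ChrootDirectory` path to be a root-owned directory that is not writable by group or others, which is the usual stumbling block with `ChrootDirectory %h`. The function below checks a path against that rule; the function name, the `OWNER_UID` and `BASE` arguments and the demo tree are assumptions, added so the check can be tried without root.

```sh
#!/bin/sh
# Added example: check a directory against sshd's ChrootDirectory rule.
# The sshd_config block this is meant for (keywords as named in post #105):
#   Match User myname
#       ChrootDirectory %h
#       ForceCommand internal-sftp

# chroot_path_ok DIR [OWNER_UID] [BASE]      (hypothetical helper)
# Walks from DIR up to BASE (default /) and checks that every component is a
# directory owned by OWNER_UID (default 0, root) and not group/world-writable.
# Prints one BAD line per violation; returns non-zero if any was found.
chroot_path_ok() {
    dir=$1 owner=${2:-0} base=${3:-/}
    bad=0
    while :; do
        # -L: judge what a symlink points at; -n: numeric uid in field 3.
        info=$(ls -Ldn "$dir" 2>/dev/null) || { echo "BAD: $dir does not exist"; return 1; }
        perms=${info%% *}
        uid=$(echo "$info" | awk '{ print $3 }')
        case $perms in
            d*) ;;
            *) echo "BAD: $dir is not a directory"; bad=1 ;;
        esac
        case $perms in
            # character 6 is the group write bit, character 9 the world write bit
            ?????w*|????????w*) echo "BAD: $dir is group- or world-writable ($perms)"; bad=1 ;;
        esac
        [ "$uid" = "$owner" ] || { echo "BAD: $dir is owned by uid $uid, not $owner"; bad=1; }
        [ "$dir" = "$base" ] || [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $bad
}

# Constructed demo tree standing in for /home/myname. On a real server, run as
# root with only the path: chroot_path_ok /home/myname
demo=$(mktemp -d); mkdir -p "$demo/home/myname"
chmod 755 "$demo" "$demo/home" "$demo/home/myname"
chroot_path_ok "$demo/home/myname" "$(id -u)" "$demo" && echo "chroot path OK"
chmod g+w "$demo/home/myname"      # e.g. a home directory made group-writable
chroot_path_ok "$demo/home/myname" "$(id -u)" "$demo" || echo "sshd would refuse this chroot"
rm -rf "$demo"
```

Because the chroot directory itself cannot be writable by the user, uploads need a subdirectory inside it that the user owns.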

  9. #109
    Join Date
    Sep 2008
    Beans
    23

    Re: Howto create chrooted Openssh SFTP without shell access through rssh.

    I am trying the sftp / rssh approach as described in this tutorial and the 11 pages following it.

    I am using LDAP for users, so I think I cannot use the new OpenSSH/chroot-jail approach (linked here: http://www.debian-administration.org/articles/590), because the Match directive only seems to allow local users and groups (and not ldap)

    So rssh works without chroot-jail, i.e. if I disable
    Code:
    #chrootpath = "/srv/ftp"
    everything is working as it should. I can log on to the server with LDAP users, but cannot initiate ssh sessions. (all LDAP users have login-shell /usr/bin/rssh)

    However I want them restricted to the /srv/ftp directory, so I want it to work with chroot-jail. A sample sftp connection attempt looks like this

    Code:
    sftp -v -v harry@localhost
    ...
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/XXXXX/.ssh/id_rsa
    debug1: Trying private key: /home/XXXXX/.ssh/id_dsa
    debug1: Trying private key: /home/XXXXX/.ssh/id_ecdsa
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: password
    harry@localhost's password: 
    debug2: we sent a password packet, wait for reply
    debug1: Authentication succeeded (password).
    Authenticated to localhost ([::1]:22).
    debug2: fd 4 setting O_NONBLOCK
    debug1: channel 0: new [client-session]
    debug2: channel 0: send open
    debug1: Requesting no-more-sessions@openssh.com
    debug1: Entering interactive session.
    debug2: callback start
    debug2: client_session2_setup: id 0
    debug2: fd 3 setting TCP_NODELAY
    debug1: Sending environment.
    debug1: Sending env LANG = en_US.UTF-8
    debug2: channel 0: request env confirm 0
    debug1: Sending subsystem: sftp
    debug2: channel 0: request subsystem confirm 1
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel 0: rcvd adjust 2097152
    debug2: channel_input_status_confirm: type 99 id 0
    debug2: subsystem request accepted on channel 0
    debug2: channel 0: rcvd eof
    debug2: channel 0: output open -> drain
    debug2: channel 0: obuf empty
    debug2: channel 0: close_write
    debug2: channel 0: output drain -> closed
    debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
    debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
    debug2: channel 0: rcvd eow
    debug2: channel 0: close_read
    debug2: channel 0: input open -> closed
    debug2: channel 0: rcvd close
    debug2: channel 0: almost dead
    debug2: channel 0: gc: notify user
    debug2: channel 0: gc: user detached
    debug2: channel 0: send close
    debug2: channel 0: is dead
    debug2: channel 0: garbage collecting
    debug1: channel 0: free: client-session, nchannels 1
    debug1: fd 0 clearing O_NONBLOCK
    Transferred: sent 1736, received 1472 bytes, in 0.2 seconds
    Bytes per second: sent 7993.4, received 6777.8
    debug1: Exit status 1
    Connection closed
    /var/log/syslog looks like this
    Code:
    rssh[13810]: setting log facility to LOG_USER
    rssh[13810]: allowing scp to all users
    rssh[13810]: allowing sftp to all users
    rssh[13810]: setting umask to 022
    rssh[13810]: chrooting all users to /srv/ftp
    rssh[13810]: chroot cmd line: /usr/lib/rssh/rssh_chroot_helper 2 "/usr/lib/openssh/sftp-server"
    slapd[10203]: connection_read(31): no connection!
    /var/log/auth
    Code:
    sshd[13727]: pam_sm_authenticate: Called
    sshd[13727]: pam_sm_authenticate: username = [harry]
    sshd[13727]: Accepted password for harry from ::1 port 36959 ssh2
    sshd[13727]: pam_unix(sshd:session): session opened for user harry by (uid=0)
    sshd[13809]: subsystem request for sftp by user harry
    sshd[13809]: Received disconnect from ::1: 11: disconnected by user
    sshd[13727]: pam_unix(sshd:session): session closed for user harry
    sshd[13727]: pam_winbind(sshd:setcred): request wbcLogoffUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
    sshd[13727]: pam_winbind(sshd:setcred): failed to logoff user harry: WBC_ERR_AUTH_ERROR
    sshd[13727]: pam_winbind(sshd:setcred): request wbcLogoffUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATrror: PAM_USER_, Error message was: age was: 
    sshd[13727]: pam_winbind(sshd:setcred): internal module error (retval = (null)(1398101057), user = 'harry')

    I checked all the suggestions here, especially
    Code:
    mknod -m 666 /home/chroot/dev/null c 1 3
    and
    Code:
    chmod u+s /usr/lib/rssh/rssh_chroot_helper
    as these seem to have been the most common mistakes.

    I also checked that all libraries listed by ldd `which sftp`
    are also located under /srv/ftp/lib
    and that all bins listed by
    rssh -v
    are where they are listed at.

    Now I am really out of ideas. Does any of you know what else could be the problem, or what else I could try?

    Thanks a lot!
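
Added example, not from the tutorial or from rssh itself: the checks that posts #103, #107 and #109 perform by hand, collected into one preflight function. The function name, its arguments and the throwaway demo jail are assumptions; the jail, home and server paths are the ones rssh logs in its "chroot cmd line" syslog entry.

```sh
#!/bin/sh
# Added example: preflight check for an rssh chroot jail.

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# check_rssh_jail JAIL HOME SERVER HELPER    (hypothetical helper, not part of rssh)
#   JAIL, HOME, SERVER: the values rssh logs in its "chroot cmd line" entry.
#   HELPER: rssh_chroot_helper, which lives on the real root, outside the jail.
# Prints one FAIL line per problem; returns non-zero if any was found.
check_rssh_jail() {
    jail=$1 home=$2 server=$3 helper=$4
    problems=0

    # The helper needs the setuid bit (chmod u+s); an upgrade can reset it,
    # as in post #103. Only the bit is tested here, not the file's owner.
    [ -u "$helper" ] || fail "$helper is not setuid"

    # After the chroot, every path is resolved relative to the jail.
    [ -d "$jail$home" ] || fail "home missing in jail: $jail$home"
    [ -f "$jail$server" ] && [ -x "$jail$server" ] ||
        fail "server missing in jail: $jail$server"

    # /dev/null inside the jail must be a character device (mknod ... c 1 3).
    [ -c "$jail/dev/null" ] || fail "no character device at $jail/dev/null"

    # Every shared library the server links against needs a copy in the jail.
    if [ -f "$jail$server" ] && [ -x "$jail$server" ]; then
        for lib in $(ldd "$jail$server" 2>/dev/null | awk '
                $2 == "=>" && $3 ~ /^\// { print $3; next }
                $1 ~ /^\//               { print $1 }'); do
            [ -e "$jail$lib" ] || fail "library missing in jail: $jail$lib"
        done
    fi

    [ "$problems" -eq 0 ]
}

# Constructed demo: a throwaway jail laid out like the one in post #107, where
# sftp-server sits in usr/lib/openssh but rssh execs /usr/lib/sftp-server.
demo=$(mktemp -d)
mkdir -p "$demo/jail/home/sft" "$demo/jail/usr/lib/openssh" "$demo/jail/dev"
ln -s /dev/null "$demo/jail/dev/null"          # stand-in for mknod (needs root)
printf '#!/bin/sh\n' > "$demo/jail/usr/lib/openssh/sftp-server"
chmod 755 "$demo/jail/usr/lib/openssh/sftp-server"
: > "$demo/helper"; chmod u+s "$demo/helper"   # stand-in for the real helper
check_rssh_jail "$demo/jail" /home/sft /usr/lib/sftp-server "$demo/helper" || true
ln "$demo/jail/usr/lib/openssh/sftp-server" "$demo/jail/usr/lib/"   # fix from #107
check_rssh_jail "$demo/jail" /home/sft /usr/lib/sftp-server "$demo/helper" && echo "jail OK"
rm -rf "$demo"
```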
