Results 1 to 5 of 5

Thread: SSH key with OpenSSH SFTP chroot() with ChrootDirectory

  1. #1
    Join Date
    Aug 2007
    Beans
    15

    SSH key with OpenSSH SFTP chroot() with ChrootDirectory

    Greetings.
    I cant find a way to to connect with ssh key when using chroot in sshd_config. What should the path to the authorized_keys br when following instructions in the following guide http://www.debian-administration.org/articles/590

  2. #2
    Join Date
    Aug 2007
    Beans
    15

    Re: SSH key with OpenSSH SFTP chroot() with ChrootDirectory

    Double posting because no replay in 10 hours. If anyone knows please let me know.

  3. #3
    Join Date
    Aug 2007
    Beans
    15

    Re: SSH key with OpenSSH SFTP chroot() with ChrootDirectory

    anyone?

  4. #4
    Join Date
    May 2007
    Beans
    6

    Re: SSH key with OpenSSH SFTP chroot() with ChrootDirectory

    Hi,

    This worked for everybody but me:


    It is on a VMWare 64 bits running Ubuntu 8.10:

    uname -a:
    Linux server 2.6.27-7-server #1 SMP Fri Oct 24 07:37:55 UTC 2008 i686 GNU/Linux

    This is what I am trying to do.
    What follows was done locally, but happens just the same on remote clients:


    user@server:/var$ sftp 192.45.2.137
    Connecting to 192.45.2.137...
    user@192.45.2.137's password:
    Couldn't read packet: Connection reset by peer



    /var/log/auth.log:

    Jun 18 20:45:57 server sshd[23658]: debug1: Bind to port 22 on ::.
    Jun 18 20:45:57 server sshd[23658]: Server listening on :: port 22.
    Jun 18 20:45:57 server sshd[23658]: debug1: Bind to port 22 on 0.0.0.0.
    Jun 18 20:45:57 server sshd[23658]: Server listening on 0.0.0.0 port 22.
    Jun 18 20:46:03 server sshd[23658]: debug1: Forked child 23664.
    Jun 18 20:46:03 server sshd[23664]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
    Jun 18 20:46:03 server sshd[23664]: debug1: inetd sockets after dupping: 3, 3
    Jun 18 20:46:03 server sshd[23664]: Connection from 192.45.2.137 port 42626
    Jun 18 20:46:03 server sshd[23664]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1p1 Debian-3ubuntu1
    Jun 18 20:46:03 server sshd[23664]: debug1: match: OpenSSH_5.1p1 Debian-3ubuntu1 pat OpenSSH*
    Jun 18 20:46:03 server sshd[23664]: debug1: Enabling compatibility mode for protocol 2.0
    Jun 18 20:46:03 server sshd[23664]: debug1: Local version string SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1
    Jun 18 20:46:05 server sshd[23664]: debug1: user user matched group list sftp at line 80
    Jun 18 20:46:05 server sshd[23664]: debug1: PAM: initializing for "user"
    Jun 18 20:46:05 server sshd[23664]: debug1: PAM: setting PAM_RHOST to "192.45.2.137"
    Jun 18 20:46:05 server sshd[23664]: debug1: PAM: setting PAM_TTY to "ssh"
    Jun 18 20:46:05 server sshd[23664]: Failed none for user from 192.45.2.137 port 42626 ssh2
    Jun 18 20:46:06 server sshd[23664]: debug1: PAM: password authentication accepted for user
    Jun 18 20:46:06 server sshd[23664]: debug1: do_pam_account: called
    Jun 18 20:46:06 server sshd[23664]: Accepted password for user from 192.45.2.137 port 42626 ssh2
    Jun 18 20:46:06 server sshd[23664]: debug1: monitor_child_preauth: user has been authenticated by privileged process
    Jun 18 20:46:06 server sshd[23664]: debug1: PAM: establishing credentials
    Jun 18 20:46:06 server sshd[23664]: pam_unix(sshd:session): session opened for user user by (uid=0)
    Jun 18 20:46:06 server sshd[23671]: debug1: SELinux support disabled
    Jun 18 20:46:06 server sshd[23671]: debug1: PAM: establishing credentials
    Jun 18 20:46:06 server sshd[23664]: User child is on pid 23671
    Jun 18 20:46:06 server sshd[23664]: debug1: PAM: cleanup
    Jun 18 20:46:06 server sshd[23664]: debug1: PAM: deleting credentials
    Jun 18 20:46:06 server sshd[23664]: debug1: PAM: closing session
    Jun 18 20:46:06 server sshd[23664]: pam_unix(sshd:session): session closed for user user



    /etc/passwd:

    user:1003:1003:User,,,:/:/usr/sbin/nologin



    /etc/group:

    sftp:1004:user



    /etc/ssh/sshd_config:

    # Logging
    SyslogFacility AUTH
    LogLevel DEBUG
    Subsystem sftp internal-sftp
    Match group sftp
    ForceCommand internal-sftp
    ChrootDirectory /var/sshbox



    user@server:/var$ ls -l
    drwxr-x--- 2 root root 4096 2009-06-18 20:05 sshbox



    Did I miss something?

  5. #5
    Join Date
    Feb 2010
    Beans
    1

    Re: SSH key with OpenSSH SFTP chroot() with ChrootDirectory

    I was having the same issue. I had no idea where to put the authorized_keys file. After some trial and error i found out the home directory in /etc/passwd has to be set to /home/username, that's the only way it will work. If I change the users home directory in /etc/passwd to /username it won't work. The .ssh directory has to have the authorized_key file, and also be in /home/username, not /home/username/home/username. Obviously you need to create /home/username/home/ and /home/username/home/username. Good stuff!

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •