|
From: | Jon Gullidge |
Subject: | RE: [Jailkit-users] SSH Problems |
Date: | Sun, 8 Nov 2009 14:11:41 +0000 |
It was in /etc/shells but hadn't given itself a new line so had joined with the last line. I fixed that but it's made no difference. Although I'm unsure if I need to reload/restart anything? I did reload sshd but not changed. The only logging from jk is on a successful SU: Nov 8 13:22:58 crispycrisp su[21351]: Successful su for javadk by root Nov 8 13:22:58 crispycrisp su[21351]: + pts/1 root:javadk Nov 8 13:22:58 crispycrisp su[21351]: pam_unix(su:session): session opened for user javadk by root(uid=0) Nov 8 13:22:58 crispycrisp jk_chrootsh[21352]: now entering jail /home/jail for user javadk (5509) Via SSH there is no jk log: Nov 8 13:33:05 crispycrisp sshd[22569]: Accepted keyboard-interactive/pam for javadk from 127.0.0.1 port 52381 ssh2 Nov 8 13:33:05 crispycrisp sshd[22569]: pam_unix(sshd:session): session opened for user javadk by (uid=0) Nov 8 13:35:56 crispycrisp sshd[22569]: pam_unix(sshd:session): session closed for user javadk Nov 8 13:36:43 crispycrisp sshd[23000]: error: PAM: Authentication failure for javadk from localhost I turned debug3 loglevel on for SSHd. It doesn't really show a lot, but here it is incase it shows you more than it does me: Nov 8 13:39:54 crispycrisp sshd[23440]: debug2: fd 3 setting O_NONBLOCK Nov 8 13:39:54 crispycrisp sshd[23440]: debug1: Bind to port 60022 on ::. Nov 8 13:39:54 crispycrisp sshd[23440]: Server listening on :: port 60022. Nov 8 13:39:54 crispycrisp sshd[23440]: debug2: fd 4 setting O_NONBLOCK Nov 8 13:39:54 crispycrisp sshd[23440]: debug1: Bind to port 60022 on 0.0.0.0. Nov 8 13:39:54 crispycrisp sshd[23440]: Server listening on 0.0.0.0 port 60022. Nov 8 13:40:01 crispycrisp cron[23457]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons ) Nov 8 13:40:11 crispycrisp sshd[23440]: debug3: fd 5 is not O_NONBLOCK Nov 8 13:40:11 crispycrisp sshd[23488]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 Nov 8 13:40:11 crispycrisp sshd[23440]: debug1: Forked child 23488. Nov 8 13:40:11 crispycrisp sshd[23440]: debug3: send_rexec_state: entering fd = 8 config len 255 Nov 8 13:40:11 crispycrisp sshd[23440]: debug3: ssh_msg_send: type 0 Nov 8 13:40:11 crispycrisp sshd[23440]: debug3: send_rexec_state: done Nov 8 13:40:11 crispycrisp sshd[23488]: debug1: inetd sockets after dupping: 3, 3 Nov 8 13:40:11 crispycrisp sshd[23488]: Connection from 127.0.0.1 port 50377 Nov 8 13:40:11 crispycrisp sshd[23488]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1 Nov 8 13:40:11 crispycrisp sshd[23488]: debug1: match: OpenSSH_5.1 pat OpenSSH* Nov 8 13:40:11 crispycrisp sshd[23488]: debug1: Enabling compatibility mode for protocol 2.0 Nov 8 13:40:11 crispycrisp sshd[23488]: debug1: Local version string SSH-2.0-OpenSSH_5.1 Nov 8 13:40:11 crispycrisp sshd[23488]: debug2: fd 3 setting O_NONBLOCK Nov 8 13:40:11 crispycrisp sshd[23488]: debug2: Network child is on pid 23489 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: preauth child monitor started Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: monitor_read: checking request 0 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_answer_moduli: got parameters: 1024 1024 8192 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 1 Nov 8 13:40:11 crispycrisp sshd[23488]: debug2: monitor_read: 0 used once, disabling now Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: monitor_read: checking request 4 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_answer_sign Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_answer_sign: signature 0x80b2368(271) Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 5 Nov 8 13:40:11 crispycrisp sshd[23488]: debug2: monitor_read: 4 used once, disabling now Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: monitor_read: checking request 6 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_answer_pwnamallow Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: Trying to reverse map address 127.0.0.1. Nov 8 13:40:11 crispycrisp sshd[23488]: debug2: parse_server_config: config reprocess config len 255 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 7 Nov 8 13:40:11 crispycrisp sshd[23488]: debug2: monitor_read: 6 used once, disabling now Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: monitor_read: checking request 45 Nov 8 13:40:11 crispycrisp sshd[23488]: debug1: PAM: initializing for "javadk" Nov 8 13:40:11 crispycrisp sshd[23488]: debug1: PAM: setting PAM_RHOST to "localhost" Nov 8 13:40:11 crispycrisp sshd[23488]: debug1: PAM: setting PAM_TTY to "ssh" Nov 8 13:40:11 crispycrisp sshd[23488]: debug2: monitor_read: 45 used once, disabling now Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: monitor_read: checking request 3 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_answer_authserv: service=ssh-connection, style= Nov 8 13:40:11 crispycrisp sshd[23488]: debug2: monitor_read: 3 used once, disabling now Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: monitor_read: checking request 8 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 9 Nov 8 13:40:11 crispycrisp sshd[23488]: debug2: monitor_read: 8 used once, disabling now Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: monitor_read: checking request 48 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_answer_pam_init_ctx Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: PAM: sshpam_init_ctx entering Nov 8 13:40:11 crispycrisp sshd[23490]: debug3: PAM: sshpam_thread_conv entering, 1 messages Nov 8 13:40:11 crispycrisp sshd[23490]: debug3: ssh_msg_send: type 1 Nov 8 13:40:11 crispycrisp sshd[23490]: debug3: ssh_msg_recv entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 49 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: monitor_read: checking request 50 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_answer_pam_query Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: PAM: sshpam_query entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: ssh_msg_recv entering Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 51 Nov 8 13:40:11 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:21 crispycrisp sshd[23488]: debug3: monitor_read: checking request 52 Nov 8 13:40:21 crispycrisp sshd[23488]: debug3: mm_answer_pam_respond Nov 8 13:40:21 crispycrisp sshd[23488]: debug2: PAM: sshpam_respond entering, 1 responses Nov 8 13:40:21 crispycrisp sshd[23488]: debug3: ssh_msg_send: type 6 Nov 8 13:40:21 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 53 Nov 8 13:40:21 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:21 crispycrisp sshd[23488]: debug3: monitor_read: checking request 50 Nov 8 13:40:21 crispycrisp sshd[23488]: debug3: mm_answer_pam_query Nov 8 13:40:21 crispycrisp sshd[23488]: debug3: PAM: sshpam_query entering Nov 8 13:40:21 crispycrisp sshd[23488]: debug3: ssh_msg_recv entering Nov 8 13:40:24 crispycrisp sshd[23490]: debug3: ssh_msg_send: type 7 Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: PAM: Authentication failure Nov 8 13:40:24 crispycrisp sshd[23488]: error: PAM: Authentication failure for javadk from localhost Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 51 Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: monitor_read: checking request 54 Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_answer_pam_free_ctx Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: PAM: sshpam_free_ctx entering Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: PAM: sshpam_thread_cleanup entering Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 55 Nov 8 13:40:24 crispycrisp sshd[23488]: debug2: monitor_read: 54 used once, disabling now Nov 8 13:40:24 crispycrisp sshd[23488]: Failed keyboard-interactive/pam for javadk from 127.0.0.1 port 50377 ssh2 Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: monitor_read: checking request 48 Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_answer_pam_init_ctx Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: PAM: sshpam_init_ctx entering Nov 8 13:40:24 crispycrisp sshd[23517]: debug3: PAM: sshpam_thread_conv entering, 1 messages Nov 8 13:40:24 crispycrisp sshd[23517]: debug3: ssh_msg_send: type 1 Nov 8 13:40:24 crispycrisp sshd[23517]: debug3: ssh_msg_recv entering Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 49 Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: monitor_read: checking request 50 Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_answer_pam_query Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: PAM: sshpam_query entering Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: ssh_msg_recv entering Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_request_send entering: type 51 Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: mm_request_receive entering Nov 8 13:40:24 crispycrisp sshd[23488]: debug1: do_cleanup Nov 8 13:40:24 crispycrisp sshd[23488]: debug1: PAM: cleanup Nov 8 13:40:24 crispycrisp sshd[23488]: debug3: PAM: sshpam_thread_cleanup entering Nov 8 13:44:57 crispycrisp sshd[23440]: Received SIGHUP; restarting. Now I know I'm using Pam, PAM set to Yes in sshd_config. I tried the chroot with PAM but it made no difference :/ > Date: Sun, 8 Nov 2009 15:01:10 +0100 > From: address@hidden > To: address@hidden > Subject: Re: [Jailkit-users] SSH Problems > > Jon Gullidge wrote: > > If I change it in /etc/passwd to /bin/bash it lets me ssh in fine. > > Change it back to jk_chrootsh and it fails again. > > Hope that helps shed a bit more light for you! > > 1) is jk_chrootsh in /etc/shells ? > > 2) is there any logging from jk_chrootsh in your logs? > grep jk_ /var/log/* > > Olivier > > > _______________________________________________ > Jailkit-users mailing list > address@hidden > http://lists.nongnu.org/mailman/listinfo/jailkit-users Chat to your friends for free on selected mobiles. Learn more. |
[Prev in Thread] | Current Thread | [Next in Thread] |