Chroot gone wrong, can't ssh with user
Distribution: Scientific Linux 6.5 (Carbon), not exactly your typical brand of Linux.
Tried to chroot a user using these instructions for SSH and quite obviously failed, and now I can't even log in with that user. I checked /var/log/secure to see if that could shed any light on it, and I got the following.
: Address aaa.bbb.ccc.ddd maps to "A_Certain_Computer"
: Accepted password for student.fesns from aaa.bbb.ccc.ddd port ##### ssh2
: pam_unix(sshd:session): session opened for user student.fesns by (uid=0)
: error: /dev/pts/2: No such file or directory
: error: open /dev/tty failed - could not set controlling tty: No such file or directory
: pam_unix(sshd:session): session closed for user student.fesns
I checked both the files, and they do actually exist. I then attempted to revert the changes I made to try and chroot the user, so the home directory is back to /home/User, and the startup script is set to /bin/bash, and I've removed the section of code in /etc/ssh/sshd_config to revert it back to its original settings.
I'm completely lost at this point. Any insight would be appreciated.
New Information
I've also added another user and been able to login successfully. I then changed its group to the group of the first user, and then it did the same thing as the first one.
After that I deleted and recreated the group, still couldn't login. Then I changed the user and test account to a different group and it worked fine.
....so I guess this is solved, but what the heck went on there?
Update
Alright, so I was back at it today. Used pretty much the same instructions after giving everything a nice clean slate. Created the environment using the make_chroot_jail.sh script. Altered the /etc/ssh/sshd_config so that it would chroot to the chroot folder.
Folder Scheme: /home/chroot/bin,dev,etc,home,lib,lib64,sbin,usr
I've also confirmed that the dev folder contains the tty character device, and in addition, I learned that the pts items couldn't be called normally because they weren't really files or something. In any case, followed that lead, and restarted the service and instead of the original error I then got the following.
: error: /dev/pts/1: Permission denied
: error: open /dev/tty failed - could not set controlling tty: Permission denied
Time's up today though, I'm going to try freeing up the permissions on the two files but that sorta defeats part of the purpose of doing the chroot.
ssh chroot scientific-linux
edited Oct 16 '14 at 21:16
asked Oct 10 '14 at 19:27
Mason
Did you check for those two files under chroot or real root? Have you restarted sshd after editing sshd_config?
– artm
Oct 10 '14 at 21:37
Originally I had only checked the real root, but after working with it today I did confirm that it is also in the chroot as well.
– Mason
Oct 16 '14 at 21:05
2 Answers
Given your description of the solution, you must have made some error with the group permissions when you set the chroot up. Since you've deleted and re-created everything, it's hard to figure out exactly what it was. At a guess, you've managed to create settings where the files within the chroot were readable for everyone except for the one group that the users were in when you started.
answered Oct 13 '14 at 7:40
Jenny D
Made some progress today, not exactly much but it's something. Please check it out.
– Mason
Oct 16 '14 at 21:17
Try 'mount --bind' the following directories. Make sure you do /dev first then /dev/pts.
root-shell> mount --bind /dev /var/jail/dev
root-shell> mount --bind /dev/pts /var/jail/dev/pts
Regards,
David
answered Nov 19 at 5:16
David Loh
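The conditions this thread runs into (no devpts inside the jail, an unusable /dev/tty, and ownership or group permissions on the chroot directory) can be checked in one pass. The script below is an added example, not part of any answer above; the function name `check_jail` and the optional mounts-file argument are assumptions made here, and the jail path is whatever the caller passes (for instance the /var/jail used in the answer).

```shell
#!/bin/sh
# Added example, not from the thread. Reports conditions that stop sshd from
# giving a chrooted user a terminal. Paths are supplied by the caller.

# check_jail JAIL [MOUNTS_FILE]: prints one finding per line, nothing if clean.
check_jail() {
    jail=${1%/}
    mounts=${2:-/proc/mounts}   # overridable so the check can be tested offline

    [ -d "$jail" ] || { echo "jail: $jail is not a directory"; return 0; }

    # sshd_config(5): the ChrootDirectory must be root-owned and not writable
    # by group or other, otherwise sshd refuses the session.
    meta=$(ls -ldn "$jail" | awk '{print $1, $3}')
    perms=${meta% *}
    uid=${meta#* }
    [ "$uid" = 0 ] || echo "owner: $jail is owned by uid $uid, not root"
    case $perms in
        ?????w*|????????w*) echo "mode: $jail is group- or world-writable ($perms)" ;;
    esac

    # A bind mount of /dev/pts shows up in the mount table as type devpts.
    # Without it, the /dev/pts/N that sshd allocates does not exist in the jail.
    if ! awk -v p="$jail/dev/pts" '$2 == p && $3 == "devpts" { ok = 1 }
                                   END { exit !ok }' "$mounts" 2>/dev/null; then
        echo "devpts: no devpts filesystem mounted on $jail/dev/pts"
    fi

    # /dev/tty must be a character device the unprivileged user can open;
    # on the host it is normally crw-rw-rw-.
    tty=$jail/dev/tty
    if [ ! -c "$tty" ]; then
        echo "tty: $tty is not a character device"
    else
        case $(ls -lnL "$tty" | awk '{print $1}') in
            ???????rw*) ;;
            *) echo "tty-mode: $tty is not world read/write" ;;
        esac
    fi
    return 0
}

# Stand-alone use: sh check_jail.sh /var/jail
if [ "$#" -gt 0 ]; then check_jail "$@"; fi
```

The bind mounts from the answer clear the `devpts` finding, but they do not survive a reboot unless they are also listed in /etc/fstab.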